CVE-2026-21437 is a vulnerability in the eopkg package manager used by the Solus Linux distribution, identified as CWE-353 (Missing Support for Integrity Check). In versions prior to 4.4.0, eopkg fails to track certain files included in malicious packages, allowing these files to be installed without visibility through standard package management commands such as `lseopkg`. This flaw arises because the package manager does not perform comprehensive integrity verification on all files within a package, enabling attackers to hide unauthorized files that could contain malicious code or backdoors. Exploitation requires that a user with high privileges installs a package from a malicious or compromised source, which implies user interaction and elevated privileges are necessary. The vulnerability does not affect users who install packages solely from the official Solus repositories, as these are trusted and verified. The issue was addressed in eopkg version 4.4.0 by adding proper integrity checks to ensure all files in a package are tracked and verified. The CVSS 4.0 base score is 2.0, reflecting low severity due to the limited attack vector (local), required privileges, and user interaction. No known exploits have been reported in the wild, indicating limited active threat at present.

For European organizations using Solus Linux with eopkg versions below 4.4.0, this vulnerability could allow attackers who manage to convince privileged users to install malicious packages from untrusted sources to deploy hidden files on critical systems. These hidden files could be used to establish persistence, execute unauthorized code, or facilitate further compromise without detection by standard package management tools. Although the impact is limited by the need for high privileges and user interaction, targeted attacks against development, research, or specialized infrastructure running Solus could lead to confidentiality breaches or integrity violations. The risk is mitigated for organizations that restrict package installations to official Solus repositories, which are not affected. However, environments with lax package source controls or where users have elevated privileges are more vulnerable. The overall impact on availability is minimal, but stealthy persistence or data integrity attacks remain possible.

European organizations should ensure all Solus systems using eopkg are upgraded to version 4.4.0 or later to benefit from the fixed integrity checks. Strictly enforce the use of official Solus repositories for package installations and disallow installation from untrusted or third-party sources. Implement role-based access controls to limit package installation privileges to trusted administrators only. Employ monitoring solutions that can detect anomalous file system changes outside of package management tools, such as file integrity monitoring (FIM) systems. Conduct regular audits of installed packages and their files to identify discrepancies. Educate users and administrators about the risks of installing packages from unverified sources and the importance of verifying package authenticity. Consider deploying application whitelisting to prevent execution of unauthorized binaries. Finally, maintain up-to-date backups to recover from potential compromise.