logo

SUSE Dracut Vulnerability CVE-2026-6893 Allows Root Code Execution via DHCP Injection

ID: ec449d7f-d331-5aef-8398-679d907fed3a

STIX ID: report--ec449d7f-d331-5aef-8398-679d907fed3a

Feed Name: ThreatCluster

Threat Score
70/100

Date Published: 2026-07-01

Date Updated: 2026-07-05

...
...

A critical command-injection vulnerability (CVE-2026-6893) in SUSE's dracut can enable attackers to execute arbitrary commands as root via DHCP options; affected products include SUSE Linux Enterprise Server 15 SP4, 16.0, and SUSE Linux Micro 6.2. Remediations released on 24 June and 1 July 2026 sanitize DHCP values and add input validation; administrators are advised to apply the updates promptly. The issue carries CVSS scores between 7.5 and 8.8, indicating high severity.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.