SUSE Dracut Vulnerability CVE-2026-6893 Allows Root Code Execution via DHCP Injection
ID: ec449d7f-d331-5aef-8398-679d907fed3a
STIX ID: report--ec449d7f-d331-5aef-8398-679d907fed3a
Feed Name: ThreatCluster
Threat Score
A critical command-injection vulnerability (CVE-2026-6893) in SUSE's dracut can enable attackers to execute arbitrary commands as root via DHCP options; affected products include SUSE Linux Enterprise Server 15 SP4, 16.0, and SUSE Linux Micro 6.2. Remediations released on 24 June and 1 July 2026 sanitize DHCP values and add input validation; administrators are advised to apply the updates promptly. The issue carries CVSS scores between 7.5 and 8.8, indicating high severity.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
