SUSE and openSUSE Pacemaker Vulnerability CVE-2026-10649 Patches Released

First seen: 3 Jul 2026, 13:32 UTC. Source: Linuxsecurity

Article Content

A denial-of-service vulnerability (CVE-2026-10649) was identified in SUSE Pacemaker, allowing attackers to exploit an integer overflow during remote message decompression. This flaw affects SUSE Linux Enterprise and openSUSE systems, with a CVSS score of 8.6 indicating high severity. The vulnerability was published on June 16, 2026, and patches have been released for both SUSE and openSUSE systems. Users are advised to update their systems using recommended installation methods such as 'zypper patch' or 'YaST online_update'. The vulnerability could lead to service disruptions if not addressed promptly. The updates include several fixes aimed at improving the security of remote message handling in Pacemaker. Both articles emphasize the importance of applying the updates to mitigate potential attacks.

Key Points:
• CVE-2026-10649 allows denial-of-service via integer overflow in Pacemaker.
• Affected systems include SUSE Linux Enterprise and openSUSE versions.
• Patches are available and should be applied immediately to prevent exploitation.

ThreatCluster AI

Timeline

2026-06-16
CVE-2026-10649 published
A denial-of-service vulnerability was disclosed affecting SUSE Pacemaker, allowing integer overflow exploitation.
Linuxsecurity

2026-07-01
SUSE releases patch for CVE-2026-10649
SUSE released an important update to fix the denial-of-service vulnerability in Pacemaker.
Linuxsecurity

2026-07-03
openSUSE releases patch for CVE-2026-10649
openSUSE issued a security update to address the same denial-of-service vulnerability in Pacemaker.
Linuxsecurity