Linuxsecurity
SUSE and openSUSE Pacemaker Vulnerability CVE-2026-10649 Patches Released
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A denial-of-service vulnerability (CVE-2026-10649) was identified in SUSE Pacemaker, allowing attackers to exploit an integer overflow during remote message decompression. This flaw affects SUSE Linux Enterprise and openSUSE systems, with a CVSS score of 8.6 indicating high severity. The vulnerability was published on June 16, 2026, and patches have been released for both SUSE and openSUSE systems. Users are advised to update their systems using recommended installation methods such as 'zypper patch' or 'YaST online_update'. The vulnerability could lead to service disruptions if not addressed promptly. The updates include several fixes aimed at improving the security of remote message handling in Pacemaker. Both articles emphasize the importance of applying the updates to mitigate potential attacks.
Key Points: • CVE-2026-10649 allows denial-of-service via integer overflow in Pacemaker. • Affected systems include SUSE Linux Enterprise and openSUSE versions. • Patches are available and should be applied immediately to prevent exploitation.