SUSE Dracut Vulnerability Allows Root Code Execution via DHCP Injection

SUSE Dracut Vulnerability Allows Root Code Execution via DHCP Injection

First seen 2 Jul 2026, 00:02 UTC Linuxsecurity 95% similarity 58.5
Share:

Article Content

Browse articles
ThreatCluster

SUSE has released important updates for dracut addressing CVE-2026-6893, a vulnerability that allows root code execution through DHCP options command injection. This flaw affects SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2, with the potential for significant impact due to improper sanitization of DHCP values in the dhclient-script.sh. The vulnerability was published on June 10, 2026, and has been assigned a CVSS score indicating a medium severity level. Users are advised to apply the patches using SUSE's recommended installation methods. The updates include input validation improvements to mitigate the risk of exploitation. The vulnerability has been confirmed and is categorized as important by SUSE, necessitating prompt action from system administrators.

Key Points: • CVE-2026-6893 allows root code execution via DHCP command injection. • Affected systems include SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2. • Patches are available and should be applied immediately to mitigate risks.

ThreatCluster AI

Timeline

2026-06-10
CVE-2026-6893 published
SUSE disclosed a vulnerability allowing root code execution through DHCP options command injection.
Linuxsecurity
2026-06-24
Patch released for SUSE Linux Enterprise Server
SUSE issued an update to address CVE-2026-6893, providing necessary patches for affected systems.
Linuxsecurity
2026-06-24
Patch released for SUSE Linux Micro 6.2
An update was also made available for SUSE Linux Micro 6.2 to fix the same vulnerability.
Linuxsecurity
2026-07-01
SUSE urges users to apply patches
SUSE has reiterated the importance of applying the patches to mitigate the risk associated with CVE-2026-6893.
Linuxsecurity

Community

Browse all →