SUSE Dracut Vulnerability CVE-2026-6893 Allows Root Code Execution via DHCP Injection

SUSE Dracut Vulnerability CVE-2026-6893 Allows Root Code Execution via DHCP Injection

First seen 2 Jul 2026, 00:02 UTC Linuxsecurity 96% similarity 72.5
Share:

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-6893, has been identified in SUSE's dracut, allowing root code execution through DHCP options command injection. This flaw affects multiple SUSE Linux Enterprise products, including versions 15 SP4 and 16.0, as well as SUSE Linux Micro 6.2. The vulnerability was published on June 10, 2026, and has been addressed in updates released on July 1 and June 24, 2026. The updates include sanitization of DHCP values and input validation improvements. System administrators are advised to apply the patches immediately to mitigate potential exploitation. The CVSS scores for the vulnerability range from 7.5 to 8.8, indicating a high severity level. The flaw could allow attackers to execute arbitrary commands with root privileges, posing a significant risk to affected systems.

Key Points: • CVE-2026-6893 allows root code execution via DHCP command injection in SUSE dracut. • Affected systems include SUSE Linux Enterprise Server 15 SP4, 16.0, and Micro 6.2. • Patches released on July 1 and June 24, 2026, address the critical vulnerability.

ThreatCluster AI

Timeline

2026-06-10
CVE-2026-6893 published
SUSE disclosed a vulnerability in dracut allowing root code execution via DHCP options command injection.
Linuxsecurity
2026-06-24
Patch for SUSE Linux Micro 6.2 released
An update was issued to fix CVE-2026-6893, improving DHCP value sanitization and input validation.
Linuxsecurity
2026-07-01
Patches for SUSE Linux Enterprise Server released
Updates addressing CVE-2026-6893 were released for multiple SUSE products, including version 15 SP4.
Linuxsecurity
2026-07-01
Additional patch for SUSE Server for SAP Applications released
SUSE released another update for SAP Applications to address the same vulnerability in dracut.
Linuxsecurity

Community

Browse all →