Linuxsecurity
SUSE Dracut Vulnerability CVE-2026-6893 Allows Root Code Execution via DHCP Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability, CVE-2026-6893, has been identified in SUSE's dracut, allowing root code execution through DHCP options command injection. This flaw affects multiple SUSE Linux Enterprise products, including versions 15 SP4 and 16.0, as well as SUSE Linux Micro 6.2. The vulnerability was published on June 10, 2026, and has been addressed in updates released on July 1 and June 24, 2026. The updates include sanitization of DHCP values and input validation improvements. System administrators are advised to apply the patches immediately to mitigate potential exploitation. The CVSS scores for the vulnerability range from 7.5 to 8.8, indicating a high severity level. The flaw could allow attackers to execute arbitrary commands with root privileges, posing a significant risk to affected systems.
Key Points: • CVE-2026-6893 allows root code execution via DHCP command injection in SUSE dracut. • Affected systems include SUSE Linux Enterprise Server 15 SP4, 16.0, and Micro 6.2. • Patches released on July 1 and June 24, 2026, address the critical vulnerability.