Stay Secure with the Latest Linux Advisories

security advisoryimportantcommand injection

Rocky Linux 10 Dracut Important Code Execution Risk RLSA-2026-26532

Important: dracut security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26532", "synopsis": "Important: dracut security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dracut.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2459963", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2459963", "description": ""}], "cves": [{"name": "CVE-2026-6893", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6893", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["dracut-debugsource-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.s390x.rpm", "dracut-0:107-7.el10_2.s390x.rpm", "dracut-debugsource-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.x86_64.rpm", "dracut-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.x86_64.rpm", "dracut-caps-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.aarch64.rpm","dracut-caps-0:107-7.el10_2.s390x.rpm", "dracut-caps-0:107-7.el10_2.x86_64.rpm", "dracut-network-0:107-7.el10_2.ppc64le.rpm", "dracut-live-0:107-7.el10_2.s390x.rpm", "dracut-network-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.aarch64.rpm", "dracut-tools-0:107-7.el10_2.ppc64le.rpm", "dracut-0:107-7.el10_2.aarch64.rpm", "dracut-config-rescue-0:107-7.el10_2.ppc64le.rpm", "dracut-config-rescue-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.src.rpm", "dracut-network-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.x86_64.rpm", "dracut-live-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.aarch64.rpm", "dracut-network-0:107-7.el10_2.s390x.rpm", "dracut-tools-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.ppc64le.rpm", "dracut-caps-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical security update for dracut on Rocky Linux 10 ensures protection against potential command injection exploits.. Rocky Linux dracut update command injection security. . Severity: Important. LinuxSecurity.com Team

Jun 19, 2026 •Important Rocky Linux