RLSA-2026:26533

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2026:26533
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:26533.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2026:26533
Upstream
  • CVE-2026-6893
Published
2026-06-19T00:03:21.214998Z
Modified
2026-06-19T00:30:04.722195706Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Important: dracut security update
Details

The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.

Security Fix(es):

  • dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / dracut

Package

Name
dracut
Purl
pkg:rpm/rocky-linux/dracut?distro=rocky-linux-9&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:057-115.git20260527.el9_8
Database specific 
{
    "yum_repository": "BaseOS"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:26533.json"