RLSA-2026:26534

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2026:26534
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:26534.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2026:26534
Upstream
  • CVE-2026-6893
Published
2026-06-19T00:00:43.922159Z
Modified
2026-06-19T00:30:04.733171713Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Important: dracut security update
Details

The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.

Security Fix(es):

  • dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / dracut

Package

Name
dracut
Purl
pkg:rpm/rocky-linux/dracut?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:049-244.git20260529.el8_10
Database specific 
{
    "yum_repository": "BaseOS"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:26534.json"