CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:26532
https://access.redhat.com/errata/RHSA-2026:26533
https://access.redhat.com/errata/RHSA-2026:26534
https://access.redhat.com/errata/RHSA-2026:26713
https://access.redhat.com/security/cve/CVE-2026-6893
https://bugzilla.redhat.com/show_bug.cgi?id=2459963

Configurations

No configuration.

History

27 Jun 2026, 09:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:26713 -

17 Jun 2026, 20:17

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:26532 - () https://access.redhat.com/errata/RHSA-2026:26533 - () https://access.redhat.com/errata/RHSA-2026:26534 -

16 Jun 2026, 19:17

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 7.5

10 Jun 2026, 20:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-10 20:17

Updated : 2026-06-27 09:16

NVD link : CVE-2026-6893

Mitre link : CVE-2026-6893

CVE.ORG link : CVE-2026-6893

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-6893", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-6893", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-12T12:29:45.330884Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "affected": [{"source": "secalert@redhat.com", "affectedData": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:107-7.el10_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:049-244.git20260529.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:057-115.git20260527.el9_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:057-115.git20260527.el9_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:hummingbird:1"], "vendor": "Red Hat", "product": "Red Hat Hardened Images", "versions": [{"status": "unaffected", "version": "109-6.hum1", "lessThan": "*", "versionType": "rpm"}], "packageName": "dracut-main", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "dracut", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}]}], "published": "2026-06-10T20:17:29.807", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:26532", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:26533", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:26534", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:26713", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-6893", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459963", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior."}], "lastModified": "2026-06-27T09:16:24.547", "sourceIdentifier": "secalert@redhat.com"}