CVE-2026-6893

Name: CVE-2026-6893
Creator: NVD / NIST
Published: 2026-06-10T20:17:29.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.13%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.13%

62.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

References

Timeline

Published: Jun 10, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-6893?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST