rootio-linux: Unauthenticated command injection in rootio

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-linux: Unauthenticated command injection in rootio

ROOT-OS-DEBIAN-12-CVE-2026-23304

Summary

A security patch has been released for rootio-linux, a Debian-based Linux distribution for IoT devices. An attacker could potentially inject malicious commands without being authenticated, which could lead to unauthorized access or system compromise. Update to the latest version to address this vulnerability.

What to do

Update rootio-linux to version 6.1.164-1.root.io.113.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-linux	<= 6.1.164-1.root.io.113	6.1.164-1.root.io.113

Original title

CVE-2026-23304 in rootio-linux - Patched by Root

Original description

Root has patched CVE-2026-23304 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available.

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026