Updated 30 June (add Mitigation and LTS branch)
First published 17 June 2026
CVSS:3.1: 6.1 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A security vulnerability has been found in the IGEL OS boot mechanism. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
It has been discovered that an attacker with physical access can manipulate the GRUB boot stage in IGEL OS to drop to a root shell.
Mitigation
-
As the attack requires physical access to the devices, keep them in secured rooms and buildings.
-
In the device BIOS, forbid booting from USB media and set a BIOS password.
Update Instructions
-
OS 12: Update the Base system app to version 12.9.0 or 12.8.3 LTS or newer.
-
OS 11: Update to IGEL OS 11.11.150 or newer.