Node Data Leakage in oxenstored: Vulnerability Affecting Xen Project
CVE-2026-23556
9.4CRITICAL
What is CVE-2026-23556?
A flaw exists in oxenstored where, during the process of tearing down a domain, sensitive node data is improperly cleaned up, leading to leakage of usage counts. This compromise can result in mismanagement of resources when the original domain ID is reused, potentially allowing the new domain to exceed its intended node limit and leading to unintended behavior in resource allocation.
Affected Version(s)
oxenstored all
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Andrii Sultanov of Vates.