Node Data Leakage in oxenstored: Vulnerability Affecting Xen Project
CVE-2026-23556

9.4CRITICAL

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2026-23556?

A flaw exists in oxenstored where, during the process of tearing down a domain, sensitive node data is improperly cleaned up, leading to leakage of usage counts. This compromise can result in mismanagement of resources when the original domain ID is reused, potentially allowing the new domain to exceed its intended node limit and leading to unintended behavior in resource allocation.

Affected Version(s)

oxenstored all

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Andrii Sultanov of Vates.
.