Shadow Paging Vulnerability in Xen Hypervisor
CVE-2026-42488

8.1HIGH

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 18 June 2026

🔔 Create Xen Project Vulnerability Alert

What is CVE-2026-42488?

A recent vulnerability in the Xen Hypervisor relates to shadow paging errors in which the page-tables may be switched without updating the currently running vCPU reference. This inconsistency can cause a mismatch between the loaded page-tables and the mapcache metadata, potentially leading to corruption of the mapcache. Such corruption can ultimately compromise system stability and security, prompting immediate attention from users to apply necessary patches as detailed in advisory XSA-494.

Affected Version(s)

Xen consult Xen advisory XSA-494

References

https://xenbits.xenproject.org/xsa/advisory-494.html

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

This issue was discovered by Roger Pau Monné of XenServer.

CVE-2026-42488 Data

JSON