XSM/Flask Lock Acquisition Vulnerability in Xen Virtualization
CVE-2026-42490
6.5 MEDIUM
What is CVE-2026-42490?
The Xen virtualization platform exhibits a vulnerability in the XSM/Flask framework where the lock acquisition process does not prioritize fairness. This can allow certain operations to acquire locks without proper permission checking, potentially leading to unauthorized access or control. Administrators are encouraged to examine their configurations and update to the latest patches to mitigate the risk associated with this vulnerability.
Affected Version(s)
Xen: consult Xen advisory XSA-492
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Andrew Cooper of Citrix.