CVE-2026-23556
CRITICAL
9.4
CVSS 4.0
Description
When oxenstored is tearing a domain down, the node data is cleaned up
but the usage counts are leaked.
When the domain ID is eventually reused, the new domain can create fewer
nodes before beeing deemed to be over quota.
Metadata
Severity & Metrics
9.4
CRITICAL CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Xen | oxenstored | — | all |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-281 | cna | CWE-281 Improper preservation of permissions |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.4 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
References (1)