Vulnerability-Lookup

CVE-2026-23557 (GCVE-0-2026-23557)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:49 – Updated: 2026-05-19 14:42

Title

Xenstored DoS via XS_RESET_WATCHES command

Summary

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-617 - Reachable Assertion

Assigner

XEN

References

3 references

URL	Tags
https://xenbits.xenproject.org/xsa/advisory-484.html
http://www.openwall.com/lists/oss-security/2026/0…
http://xenbits.xen.org/xsa/advisory-484.html

Impacted products

1 product

Vendor	Product	Version
Xen	Xen	Unknown: consult Xen advisory XSA-484

Date Public

2026-04-28 12:00

Credits

This issue was discovered by Andrii Sultanov of Vates.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-19T13:06:41.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/28/11"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-484.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-23557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T14:42:12.994792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T14:42:45.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-484"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "All Xen systems from Xen 4.2 onwards are vulnerable. Systems up to\nXen 4.1 are not vulnerable.\n\nSystems using the C variant of xenstored or xenstore-stubdom built\nwithout NDEBUG are vulnerable. Systems using the OCaml variant of\nXenstore (oxenstored), or the C variant (xenstored or xenstore-stubdom)\nbuilt with NDEBUG defined are not vulnerable."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Andrii Sultanov of Vates."
        }
      ],
      "datePublic": "2026-04-28T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host."
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T12:49:42.202Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-484.html"
        }
      ],
      "title": "Xenstored DoS via XS_RESET_WATCHES command",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no known mitigation available."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2026-23557",
    "datePublished": "2026-05-19T12:49:42.202Z",
    "dateReserved": "2026-01-14T13:07:36.961Z",
    "dateUpdated": "2026-05-19T14:42:45.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23557",
      "date": "2026-06-18",
      "epss": "0.00158",
      "percentile": "0.05291"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23557\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2026-05-19T14:16:38.817\",\"lastModified\":\"2026-05-19T18:56:35.513\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\\ncommand within a transaction due to an assert() triggering.\\n\\nIn case xenstored was built with NDEBUG #defined nothing bad will\\nhappen, as assert() is doing nothing in this case. Note that the\\ndefault is not to define NDEBUG for xenstored builds even in release\\nbuilds of Xen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"matchCriteriaId\":\"37DFEBDB-42A9-4A8C-A040-CC08782EF553\"}]}]}],\"references\":[{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-484.html\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/28/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-484.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/28/11\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-484.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-19T13:06:41.611Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23557\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-19T14:42:12.994792Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"CWE-617 Reachable Assertion\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-19T14:41:23.482Z\"}}], \"cna\": {\"title\": \"Xenstored DoS via XS_RESET_WATCHES command\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"This issue was discovered by Andrii Sultanov of Vates.\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Any unprivileged domain can cause xenstored to crash, causing a\\nDoS (denial of service) for any Xenstore action. This will result\\nin an inability to perform further domain administration on the host.\"}]}], \"affected\": [{\"vendor\": \"Xen\", \"product\": \"Xen\", \"versions\": [{\"status\": \"unknown\", \"version\": \"consult Xen advisory XSA-484\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-04-28T12:00:00.000Z\", \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-484.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There is no known mitigation available.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\\ncommand within a transaction due to an assert() triggering.\\n\\nIn case xenstored was built with NDEBUG #defined nothing bad will\\nhappen, as assert() is doing nothing in this case. Note that the\\ndefault is not to define NDEBUG for xenstored builds even in release\\nbuilds of Xen.\"}], \"configurations\": [{\"lang\": \"en\", \"value\": \"All Xen systems from Xen 4.2 onwards are vulnerable. Systems up to\\nXen 4.1 are not vulnerable.\\n\\nSystems using the C variant of xenstored or xenstore-stubdom built\\nwithout NDEBUG are vulnerable. Systems using the OCaml variant of\\nXenstore (oxenstored), or the C variant (xenstored or xenstore-stubdom)\\nbuilt with NDEBUG defined are not vulnerable.\"}], \"providerMetadata\": {\"orgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"shortName\": \"XEN\", \"dateUpdated\": \"2026-05-19T12:49:42.202Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-23557\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-19T14:42:45.464Z\", \"dateReserved\": \"2026-01-14T13:07:36.961Z\", \"assignerOrgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"datePublished\": \"2026-05-19T12:49:42.202Z\", \"assignerShortName\": \"XEN\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-1306

Vulnerability from csaf_certbund - Published: 2026-04-28 22:00 - Updated: 2026-06-08 22:00

Summary

Xen und Citrix Systems XenServer: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert. Citrix XenServer ist eine Lösung für das Management, die Konfiguration und den Betrieb virtueller Maschinen auf Servern.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Xen und Citrix Systems XenServer ausnutzen, um seine Privilegien zu erhöhen, Sicherheitsmaßnahmen zu umgehen, Daten zu verändern und offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - Sonstiges - Windows

CVE-2026-23558

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Citrix Systems XenServer 8.4 Citrix Systems / XenServer	`cpe:/a:citrix:xenserver:8.4`	8.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen >=4.2 Open Source / Xen		>=4.2

CVE-2026-23556

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source Xen XSA-419 Open Source / Xen	`cpe:/o:xen:xen:xsa-419`	XSA-419
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Citrix Systems XenServer 8.4 Citrix Systems / XenServer	`cpe:/a:citrix:xenserver:8.4`	8.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-23559

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Citrix Systems XenServer 8.4 Citrix Systems / XenServer	`cpe:/a:citrix:xenserver:8.4`	8.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen XAPI Open Source / Xen	`cpe:/o:xen:xen:xapi`	XAPI

CVE-2026-23560

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Citrix Systems XenServer 8.4 Citrix Systems / XenServer	`cpe:/a:citrix:xenserver:8.4`	8.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen XAPI Open Source / Xen	`cpe:/o:xen:xen:xapi`	XAPI

CVE-2026-23561

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Citrix Systems XenServer 8.4 Citrix Systems / XenServer	`cpe:/a:citrix:xenserver:8.4`	8.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen XAPI Open Source / Xen	`cpe:/o:xen:xen:xapi`	XAPI

CVE-2026-23562

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen XAPI Open Source / Xen	`cpe:/o:xen:xen:xapi`	XAPI

CVE-2026-42486

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Open Source Xen XAPI Open Source / Xen	`cpe:/o:xen:xen:xapi`	XAPI

CVE-2026-23557

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-31786

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-31787

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

24 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://xenbits.xen.org/xsa/advisory-483.html	external
https://xenbits.xen.org/xsa/advisory-484.html	external
https://xenbits.xen.org/xsa/advisory-485.html	external
https://xenbits.xen.org/xsa/advisory-486.html	external
https://xenbits.xen.org/xsa/advisory-487.html	external
https://xenbits.xen.org/xsa/advisory-489.html	external
https://support.citrix.com/support-home/kbsearch/…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:24381	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) f\u00fcr die darauf laufenden Systeme (Domains) paravirtualisiert.\r\nCitrix XenServer ist eine L\u00f6sung f\u00fcr das Management, die Konfiguration und den Betrieb virtueller Maschinen auf Servern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Xen und Citrix Systems XenServer ausnutzen, um seine Privilegien zu erh\u00f6hen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu ver\u00e4ndern und offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1306 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1306.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1306 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1306"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-483.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-484.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-485.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-486.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-487.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory vom 2026-04-28",
        "url": "https://xenbits.xen.org/xsa/advisory-489.html"
      },
      {
        "category": "external",
        "summary": "Citrix XenServer Security Update vom 2026-04-28",
        "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696527\u0026articleURL=XenServer_Security_Update_for_Multiple_Issues"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1657-1 vom 2026-04-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025766.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-0C9AFF64A5 vom 2026-04-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-0c9aff64a5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-78CD69D9AE vom 2026-04-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-78cd69d9ae"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6238 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00148.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6243 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00154.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10660-1 vom 2026-05-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2ZGHLYRMCFK5DY7XYNQC3RXMO73GDQX6/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1692-1 vom 2026-05-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025844.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1743-1 vom 2026-05-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025928.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1998-1 vom 2026-05-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026142.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2066-1 vom 2026-05-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026281.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2102-1 vom 2026-05-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026374.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4606 vom 2026-05-29",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00051.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21860-1 vom 2026-06-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026426.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2195-1 vom 2026-06-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026416.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24381 vom 2026-06-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:24381"
      }
    ],
    "source_lang": "en-US",
    "title": "Xen und Citrix Systems XenServer: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-08T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-09T09:02:16.240+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1306",
      "initial_release_date": "2026-04-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-05T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.4",
                "product": {
                  "name": "Citrix Systems XenServer 8.4",
                  "product_id": "T053402",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:xenserver:8.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "XenServer"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=4.0",
                "product": {
                  "name": "Open Source Xen \u003e=4.0",
                  "product_id": "T053396"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=4.0",
                "product": {
                  "name": "Open Source Xen \u003e=4.0",
                  "product_id": "T053396-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "XSA-419",
                "product": {
                  "name": "Open Source Xen XSA-419",
                  "product_id": "T053397",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:xen:xen:xsa-419"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "XAPI",
                "product": {
                  "name": "Open Source Xen XAPI",
                  "product_id": "T053398",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:xen:xen:xapi"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=4.2",
                "product": {
                  "name": "Open Source Xen \u003e=4.2",
                  "product_id": "T053399"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=4.2",
                "product": {
                  "name": "Open Source Xen \u003e=4.2",
                  "product_id": "T053399-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "Linux kernel \u003e=4.13",
                "product": {
                  "name": "Open Source Xen Linux kernel \u003e=4.13",
                  "product_id": "T053400"
                }
              },
              {
                "category": "product_version_range",
                "name": "Linux kernel \u003e=4.13",
                "product": {
                  "name": "Open Source Xen Linux kernel \u003e=4.13",
                  "product_id": "T053400-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "Linux PVH or HVM \u003e=3.8",
                "product": {
                  "name": "Open Source Xen Linux PVH or HVM \u003e=3.8",
                  "product_id": "T053401"
                }
              },
              {
                "category": "product_version_range",
                "name": "Linux PVH or HVM \u003e=3.8",
                "product": {
                  "name": "Open Source Xen Linux PVH or HVM \u003e=3.8",
                  "product_id": "T053401-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Xen"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-23558",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "T053402",
          "74185",
          "T053399"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23558"
    },
    {
      "cve": "CVE-2026-23556",
      "product_status": {
        "known_affected": [
          "T053397",
          "2951",
          "T002207",
          "67646",
          "T027843",
          "T053402",
          "74185"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23556"
    },
    {
      "cve": "CVE-2026-23559",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "T053402",
          "74185",
          "T053398"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23559"
    },
    {
      "cve": "CVE-2026-23560",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "T053402",
          "74185",
          "T053398"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23560"
    },
    {
      "cve": "CVE-2026-23561",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "T053402",
          "74185",
          "T053398"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23561"
    },
    {
      "cve": "CVE-2026-23562",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "74185",
          "T053398"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23562"
    },
    {
      "cve": "CVE-2026-42486",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "74185",
          "T053398"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-42486"
    },
    {
      "cve": "CVE-2026-23557",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "74185"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-23557"
    },
    {
      "cve": "CVE-2026-31786",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "74185"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-31786"
    },
    {
      "cve": "CVE-2026-31787",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T027843",
          "74185"
        ]
      },
      "release_date": "2026-04-28T22:00:00.000+00:00",
      "title": "CVE-2026-31787"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-23557 (GCVE-0-2026-23557)

WID-SEC-W-2026-1306

Tags

Sightings

Nomenclature