{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T17:02:34.675","vulnerabilities":[{"cve":{"id":"CVE-2026-23555","sourceIdentifier":"security@xen.org","published":"2026-03-23T07:16:07.330","lastModified":"2026-04-10T20:38:17.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."},{"lang":"es","value":"Cualquier invitado que emita un comando de Xenstore accediendo a un nodo utilizando la ruta de nodo (ilegal) '/local/domain/', provocará la caída de xenstored debido a un indicador de error sobrescrito en xenstored al verificar la ruta del nodo.\n\nTenga en cuenta que la caída es forzada mediante una instrucción assert() fallida en xenstored. En caso de que xenstored se compile con NDEBUG #definido, un invitado sin privilegios que intente acceder a la ruta del nodo '/local/domain/' resultará en que ya no sea atendido por xenstored, otros invitados (incluido dom0) seguirán siendo atendidos, pero xenstored consumirá todo el tiempo de CPU que pueda obtener."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.0},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*","versionStartIncluding":"4.18.0","matchCriteriaId":"242BBD5A-0BAE-4F89-8597-7D286D6C9E25"}]}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-481.html","source":"security@xen.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/17/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://xenbits.xen.org/xsa/advisory-481.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}