7.1
CVE-2026-26103
- EPSS 0.08%
- Veröffentlicht 25.02.2026 10:31:50
- Zuletzt bearbeitet 30.06.2026 03:17:47
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version10.0
Freedesktop ≫ Udisks Version2.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.001 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://access.redhat.com/security/cve/CVE-2026-26103
https://bugzilla.redhat.com/show_bug.cgi?id=2433719
https://access.redhat.com/errata/RHSA-2026:3476
https://github.com/storaged-project/udisks/security/advisories/GHSA-c75h-phf8-ccjm
https://access.redhat.com/errata/RHSA-2026:5831
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26103.json