PT-2026-21898 · U-Disks · Udisks

Asim Viladi Oglu Manizada · Published 2026-02-25 · Updated 2026-03-02 · CVE-2026-26104

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: udisks (affected versions not specified)

Description: A flaw exists in the udisks storage management daemon that permits unprivileged users to back up LUKS encryption headers without proper authorization. This is due to a privileged D-Bus method, responsible for exporting encryption metadata, lacking a policy check. Consequently, sensitive cryptographic metadata can be read and written to locations controlled by an attacker, potentially compromising the confidentiality of encrypted storage volumes.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

ALSA-2026:3476
CVE-2026-26104
GHSA-FCVX-497G-6XMW
OPENSUSE-SU-2026:10273-1
RHSA-2026:3476
RHSA-2026:5831

Affected Products

Udisks