CVE-2026-26103

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions udisks (affected versions not specified)

Description A flaw exists in the udisks storage management daemon related to authorization checks for restoring LUKS encryption headers via a privileged D-Bus API. An unprivileged local user can instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible, resulting in a denial-of-service condition through irreversible data loss. The issue involves manipulation of LUKS encryption headers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

DoS

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ALSA-2026:3476

CVE-2026-26103

GHSA-C75H-PHF8-CCJM

OPENSUSE-SU-2026:10273-1

RHSA-2026:3476

RHSA-2026:5831

Affected Products

Udisks

CVE-2026-26103

Weakness Enumeration

Related Identifiers

Affected Products

References · 23