CVE-2026-23555

Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)

Description A guest issuing a Xenstore command accessing a node using the path '/local/domain/' can cause xenstored to crash due to a corrupted error indicator during node path verification. The crash is triggered by a failing assert statement within xenstored. If xenstored is built with NDEBUG defined, an unprivileged guest attempting to access the '/local/domain/' path will no longer be serviced, while other guests, including dom0, will continue to be serviced, but xenstored will consume all available CPU time. The vulnerable path is /local/domain/.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.