๐Ÿ” CVE Alert

CVE-2026-23556

UNKNOWN 0.0

oxenstored keeps quota related use counts across domain destruction

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

CWE CWE-281
Vendor xen
Product oxenstored
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for xen oxenstored

Be the first to know when new unknown vulnerabilities affecting xen oxenstored are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Xen / oxenstored
all

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
xenbits.xen.org: https://xenbits.xen.org/xsa/advisory-483.html openwall.com: http://www.openwall.com/lists/oss-security/2026/04/28/10 xenbits.xen.org: http://xenbits.xen.org/xsa/advisory-483.html

Credits

This issue was discovered by Andrii Sultanov of Vates.