CVE-2026-23556
oxenstored keeps quota related use counts across domain destruction
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.
| CWE | CWE-281 |
| Vendor | xen |
| Product | oxenstored |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for xen oxenstored
Be the first to know when new unknown vulnerabilities affecting xen oxenstored are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Xen / oxenstored
all
References
Credits
This issue was discovered by Andrii Sultanov of Vates.