CVE-2026-23557

MEDIUM 6.5

Xenstored DoS via XS_RESET_WATCHES command

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

Vendor	xen
Product	xen
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for xen xen

Be the first to know when new medium vulnerabilities affecting xen xen are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Xen / Xen

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

xenbits.xenproject.org: https://xenbits.xenproject.org/xsa/advisory-484.html openwall.com: http://www.openwall.com/lists/oss-security/2026/04/28/11 xenbits.xen.org: http://xenbits.xen.org/xsa/advisory-484.html

Credits

This issue was discovered by Andrii Sultanov of Vates.