Is CVE-2026-23555 actively exploited?

CVE-2026-23555 has no public evidence of in-the-wild exploitation as of 2026-04-10.

What is the CVSS score for CVE-2026-23555?

CVE-2026-23555 has a CVSS score of 7.1 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

How do I patch CVE-2026-23555?

Patch guidance is available from xen security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-23555.

Fix CVE-2026-23555 - HIGH xen xen

Description

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-617

Metadata

Primary Vendor: XEN
Published: 3/23/2026
Last Modified: 4/10/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-23555

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary