Xen, Citrix XenServer Vulnerabilities - Local Privilege Escalation
Summary
CERT-Bund has issued a security advisory (WID-SEC-2026-0760) regarding multiple vulnerabilities in Xen and Citrix XenServer. These vulnerabilities, with a CVSS Base Score of 7.8, could allow local attackers to escalate privileges, cause a denial-of-service, or disclose confidential information.
What changed
CERT-Bund has released security advisory WID-SEC-2026-0760 detailing multiple vulnerabilities affecting Xen versions >=4.17 and Citrix XenServer 8.4. The vulnerabilities have a CVSS Base Score of 7.8 (high) and a Temporal Score of 6.8 (medium). They require local access (the advisory lists no remote attack vector) and can lead to privilege escalation, denial-of-service, or information disclosure.
Affected systems include various UNIX-based operating systems running Xen or Citrix XenServer. Organizations using these products should review the advisory for specific version information and apply available mitigations. Failure to address these vulnerabilities could expose systems to significant security risks, including unauthorized access and data breaches.
What to do next
- Review CERT-Bund advisory WID-SEC-2026-0760 for affected Xen and Citrix XenServer versions.
- Implement available mitigations for identified vulnerabilities.
- Assess potential impact of privilege escalation, DoS, or information disclosure on systems.
Source document (simplified)
[WID-SEC-2026-0760] Xen and Citrix Systems XenServer: Multiple vulnerabilities
CVSS Base Score: 7.8 (high)
CVSS Temporal Score: 6.8 (medium)
Remote attack: no
Date: 17.03.2026
Last updated: 18.03.2026
Mitigation: yes
Affected systems
Operating system
- Other
- UNIX
Product description
Xen is a virtual machine monitor (VMM) that paravirtualizes hardware (x86, IA-64, PowerPC) for the systems (domains) running on it.
Citrix XenServer is a solution for managing, configuring and operating virtual machines on servers.
Products
17.03.2026
- Open Source Xen >=4.17
- Citrix Systems XenServer 8.4
- Open Source Xen >=4.18
Attack
A local attacker can exploit multiple vulnerabilities in Xen and Citrix Systems XenServer to escalate privileges, cause a denial-of-service condition, or disclose confidential information.