{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23556","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2026-01-14T13:07:36.961Z","datePublished":"2026-07-09T14:48:56.630Z","dateUpdated":"2026-07-09T15:37:46.026Z"},"containers":{"cna":{"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2026-07-09T14:48:56.630Z"},"title":"oxenstored keeps quota related use counts across domain destruction","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-281","description":"CWE-281 Improper preservation of permissions","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-548","descriptions":[{"lang":"en","value":"CAPEC-548 Contaminate Resource"}]}],"affected":[{"vendor":"Xen","product":"oxenstored","versions":[{"status":"affected","version":"all"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"When oxenstored is tearing a domain down, the node data is cleaned up\nbut the usage counts are leaked.\n\nWhen the domain ID is eventually reused, the new domain can create fewer\nnodes before beeing deemed to be over quota.","supportingMedia":[{"type":"text/html","base64":false,"value":"<pre>When oxenstored is tearing a domain down, the node data is cleaned up\nbut the usage counts are leaked.\n\nWhen the domain ID is eventually reused, the new domain can create fewer\nnodes before beeing deemed to be over quota.</pre>"}]}],"references":[{"url":"https://xenbits.xen.org/xsa/advisory-483.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"CRITICAL","baseScore":9.4,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}],"credits":[{"lang":"en","value":"This issue was discovered by Andrii Sultanov of Vates.","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/04/28/10"},{"url":"http://xenbits.xen.org/xsa/advisory-483.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-07-09T15:06:25.267Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-09T15:34:22.728700Z","id":"CVE-2026-23556","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-09T15:37:46.026Z"}}]}}