https://feed.craftedsignal.io/tags/cve-2026-23555/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 07:16:07 +0000https://feed.craftedsignal.io/briefs/2026-03-xenstore-crash/Mon, 23 Mar 2026 07:16:07 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-xenstore-crash/A guest VM issuing a Xenstore command with the node path '/local/domain/' can crash xenstored (CVE-2026-23555), or, if NDEBUG is defined, cause denial of service by consuming all CPU resources.<p>CVE-2026-23555 details a vulnerability within the Xenstore component of the Xen hypervisor. A malicious or compromised guest virtual machine (VM) can trigger this vulnerability by issuing a Xenstore command that attempts to access a specific, illegal node path: <code>/local/domain/</code>. This improper node path verification leads to a clobbered error indicator within the xenstored process, ultimately causing it to crash due to a failing assert() statement.</p> highadvisoryxenxenstoredenial-of-serviceCVE-2026-23555hypervisorvulnerabilitylinux