{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/xen/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["xen","xenstore","denial-of-service","CVE-2026-23555","hypervisor","vulnerability","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-23555 details a vulnerability within the Xenstore component of the Xen hypervisor. A malicious or compromised guest virtual machine (VM) can trigger this vulnerability by issuing a Xenstore command that attempts to access a specific, illegal node path: \u003ccode\u003e/local/domain/\u003c/code\u003e. This improper node path verification leads to a clobbered error indicator within the xenstored process, ultimately causing it to crash due to a failing assert() statement.\u003c/p\u003e\n","date_modified":"2026-03-23T07:16:07Z","date_published":"2026-03-23T07:16:07Z","id":"/briefs/2026-03-xenstore-crash/","summary":"A guest VM issuing a Xenstore command with the node path '/local/domain/' can crash xenstored (CVE-2026-23555), or, if NDEBUG is defined, cause denial of service by consuming all CPU resources.","title":"Xenstore Crash Vulnerability via Malicious Node Path Access (CVE-2026-23555)","url":"https://feed.craftedsignal.io/briefs/2026-03-xenstore-crash/"}],"language":"en","title":"CraftedSignal Threat Feed — Xen","version":"https://jsonfeed.org/version/1.1"}