MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-26103

🔴 HIGH

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivi...

Published
Feb 25, 2026
Last Modified
Mar 02, 2026
Views
1
Bookmarks
0

Description

Request Expert Review

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

Affected Products (2)

redhat - enterprise_linux

Version: 10.0

freedesktop - udisks

Version: 2.0.0

CVSS Scores

CVSS 3.1 7.1
7.1
HIGH
CVSS 2.0 7.1

References

access.redhat.com access.redhat.com bugzilla.redhat.com

Additional Information

Source
secalert@redhat.com
State
Modified

Related CVEs

CVE-2026-3288

HIGH

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject confi...

Score: 8.8

CVE-2026-31816

CRITICAL

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() mi...

Score: 9.1

CVE-2026-30240

CRITICAL

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the...

Score: 9.6

CVE-2026-25960

HIGH

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in...

Score: 7.1

CVE-2026-25737

HIGH

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerabilit...

Score: 8.9

CVE-2025-15603

LOW

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the co...

Score: 3.7

Share CVE-2026-26103

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-26103 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis