CVE-2026-26103
published 2026-02-25CVE-2026-26103: A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization…
high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | udisks2 | < udisks2 2.11.1-1 (forky) | udisks2 2.11.1-1 (forky) |
| freedesktop | udisks | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
osv7.1HIGH