VYPR
Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Mar 25, 2026

Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api

CVE-2026-26103

Description

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.