Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Mar 25, 2026
Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api
CVE-2026-26103
Description
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:/o:redhat:enterprise_linux:10.1+ 4 more
- cpe:/o:redhat:enterprise_linux:10.1range: 0:2.10.90-6.el10_1.1
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Supportv5cpe:/o:redhat:enterprise_linux_eus:10.0Range: 0:2.10.90-5.el10_0.2
- osv-coords7 versionspkg:rpm/almalinux/libudisks2pkg:rpm/almalinux/libudisks2-develpkg:rpm/almalinux/udisks2pkg:rpm/almalinux/udisks2-iscsipkg:rpm/almalinux/udisks2-lsmpkg:rpm/almalinux/udisks2-lvm2pkg:rpm/opensuse/udisks2&distro=openSUSE%20Tumbleweed
< 2.10.90-6.el10_1.1.alma.1+ 6 more
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.11.0-2.1
Patches
Vulnerability mechanics
References
5- access.redhat.com/errata/RHSA-2026:3476mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:5831mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2026-26103mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- github.com/storaged-project/udisks/security/advisories/GHSA-c75h-phf8-ccjmmitre
News mentions
0No linked articles in our index yet.