Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Mar 25, 2026
Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api
CVE-2026-26103
Description
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
Affected products
7- Red Hat/Red Hat Enterprise Linux 10v5cpe:/o:redhat:enterprise_linux:10.1Range: 0:2.10.90-6.el10_1.1
- Red Hat/Red Hat Enterprise Linux 6v5cpe:/o:redhat:enterprise_linux:6
- Red Hat/Red Hat Enterprise Linux 7v5cpe:/o:redhat:enterprise_linux:7
- Red Hat/Red Hat Enterprise Linux 8v5cpe:/o:redhat:enterprise_linux:8
- Red Hat/Red Hat Enterprise Linux 9v5cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Supportv5cpe:/o:redhat:enterprise_linux_eus:10.0Range: 0:2.10.90-5.el10_0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- access.redhat.com/errata/RHSA-2026:3476mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:5831mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2026-26103mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- github.com/storaged-project/udisks/security/advisories/GHSA-c75h-phf8-ccjmmitre
News mentions
0No linked articles in our index yet.