Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Mar 25, 2026
Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api
CVE-2026-26104
Description
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:/o:redhat:enterprise_linux:10.1+ 4 more
- cpe:/o:redhat:enterprise_linux:10.1range: 0:2.10.90-6.el10_1.1
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Supportv5cpe:/o:redhat:enterprise_linux_eus:10.0Range: 0:2.10.90-5.el10_0.2
- osv-coords7 versionspkg:rpm/almalinux/libudisks2pkg:rpm/almalinux/libudisks2-develpkg:rpm/almalinux/udisks2pkg:rpm/almalinux/udisks2-iscsipkg:rpm/almalinux/udisks2-lsmpkg:rpm/almalinux/udisks2-lvm2pkg:rpm/opensuse/udisks2&distro=openSUSE%20Tumbleweed
< 2.10.90-6.el10_1.1.alma.1+ 6 more
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.10.90-6.el10_1.1.alma.1
- (no CPE)range: < 2.11.0-2.1
Patches
Vulnerability mechanics
References
5- access.redhat.com/errata/RHSA-2026:3476mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:5831mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2026-26104mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- github.com/storaged-project/udisks/security/advisories/GHSA-fcvx-497g-6xmwmitre
News mentions
0No linked articles in our index yet.