criticalCVE-2026-23556

oxenstored Domain Teardown Quota Accounting Vulnerability

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

Productoxenstored
CVSS9.4
EPSSNot scored yet
UpdatedJuly 9, 2026

Quick answer

Xen Project oxenstored should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Affected Xen hypervisor versions according to XSA-483

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

oxenstored is affected by a quota accounting issue when domain teardown leaks node usage counts. Apply the Xen or platform vendor update for XSA-483 and monitor for domains incorrectly hitting quota limits after domain ID reuse. This primarily affects Xen environments where oxenstored is used for XenStore state management.

  1. Inventory Xen hosts and platforms that use oxenstored for XenStore service management.
  2. Apply the vendor update or hotfix for XSA-483 covering CVE-2026-23556.
  3. Review domain lifecycle activity and quota-related errors around domain teardown and domain ID reuse.
  4. Restart or fail over affected management components according to vendor guidance after patching.
  5. Monitor XenStore node counts, domain creation failures, and quota errors for signs of leaked accounting state.
  6. Limit untrusted or noisy domain lifecycle operations until patched hosts are stable.
  7. Escalate to vendor recovery guidance if existing leaked state causes persistent quota problems.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm Xen hosts or platform appliances include the XSA-483 fix.
  • Validate new domains can create expected XenStore nodes after repeated create and destroy cycles.
  • Review oxenstored logs for quota errors before and after remediation.
  • Test normal VM lifecycle, migration, and restart operations after the update.
  • Run a Fixnx scan and confirm no public hypervisor management interface is exposed.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-23556?

Xen Project oxenstored versions listed as affected should be reviewed: Affected Xen hypervisor versions according to XSA-483.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.