CVE-2026-23556

EUVD-2026-42600
When oxenstored is tearing a domain down, the node data is cleaned up
but the usage counts are leaked.

When the domain ID is eventually reused, the new domain can create fewer
nodes before beeing deemed to be over quota.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
no-dsa
trixie (security)
vulnerable