[UPDATE] [high] Xen and Citrix Systems XenServer: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in Xen and Citrix Systems XenServer to escalate privileges, bypass security measures, modify and disclose data, or cause a denial-of-service condition.
CSIRTS triage
- What
- Multiple vulnerabilities can escalate privileges, bypass security measures, modify and disclose data, or cause denial of service.
- Who is affected
- Users of Xen and Citrix Systems XenServer.
- Urgency
- Remediation is urgent due to the high severity of the vulnerabilities.
- Action
- Apply the latest security updates for XenServer.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch XenServer
Get an email when a new XenServer advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1306
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-235580.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
- Low exploitation riskCVE-2026-235560.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-235590.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-235600.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-235610.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-235620.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-424860.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-235570.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2026-317860.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-317870.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-23558 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23556 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23559 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23560 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23561 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23562 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-42486 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-23557 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-31786 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-31787 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownCVE-2026-42486: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…nvd
- unknownCVE-2026-23562: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…nvd
- unknownCVE-2026-23561: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…nvd
- unknownCVE-2026-23560: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…nvd
- unknownCVE-2026-23559: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnera…nvd
- unknownCVE-2026-23556: When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are…nvd
- unknownMultiple vulnerabilities in the Red Hat Linux kernel (June 26, 2026)cert-fr-avis
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10