
CVE-2026-23558

Severity: High (updated)
Published: 19 May 2026
Modified: 17 June 2026
KEV Added: not listed
Patch: 28 April 2026
CVSS v3.1 Score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0012 (2.0th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-23558 is a high-severity Race Condition (CWE-362) vulnerability in the Xen hypervisor (vendor: Xen, product: Xen). Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS ranking places it at the 2.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may then be freed while mappings of them would still be inserted into the guest's secondary (P2M) page tables.

CWE(s)

CWE-362 Race Condition

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.

Why these techniques?

A race condition in the Xen hypervisor's grant-table/P2M handling directly enables guest-to-host privilege escalation and VM escape through corruption of guest memory mappings.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-58150 (same product: Xen)
CVE-2026-23554 (same product: Xen)
CVE-2025-58142 (same product: Xen)
CVE-2023-34326 (same product: Xen)
CVE-2026-23555 (same product: Xen)
CVE-2024-45818 (same product: Xen)
CVE-2021-28703 (same product: Xen)
CVE-2023-34328 (same product: Xen)
CVE-2025-27466 (same product: Xen)
CVE-2023-34327 (same product: Xen)

Affected Assets

Vendor: xen
Product: xen
Versions: ≥ 4.0.0

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-362: Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.

Addresses CWE-362: Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.
