CVE-2026-26103
Published: 25 February 2026
Summary
CVE-2026-26103 is a high-severity Missing Authorization (CWE-862) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring an access control policy ensures authorization checks are defined and applied for critical functions.
Reviews of access controls detect missing authorization checks on critical functions or resources.
Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.
Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.
Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.
Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.
The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.
Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables a local unprivileged attacker to abuse the root-owned udisks D-Bus API to overwrite LUKS headers, causing irreversible inaccessibility of encrypted volumes and data loss, which maps to Data Destruction (T1485).
NVD Description
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite…
more
encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
Deeper analysisAI
CVE-2026-26103 is a vulnerability in the udisks storage management daemon, which exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The flaw allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices, permanently invalidating encryption keys and rendering encrypted volumes inaccessible. This affects Linux systems utilizing udisks for storage management, particularly those with LUKS-encrypted volumes, and is classified under CWE-862 (Missing Authorization).
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), achieving high impact on integrity (I:H) and availability (A:H) while causing no confidentiality loss (C:N). Successful exploitation results in a denial-of-service condition through irreversible data loss on affected encrypted block devices, as the overwritten metadata prevents access to the volumes.
Red Hat has addressed the issue in Security Advisories RHSA-2026:3476 and RHSA-2026:5831, with further details available on the CVE page at access.redhat.com/security/cve/CVE-2026-26103, Bugzilla entry 2433719, and the GitHub security advisory GHSA-c75h-phf8-ccjm from the storaged-project/udisks repository. The vulnerability was published on 2026-02-25 with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
Details
- CWE(s)