CVE-2026-42486

Xen · XAPI

Xen XAPI improperly restricts access to the VM.platform:hvm_serial parameter, allowing vm-admin users to write arbitrary files to the dom0 host system.

Executive summary

A critical privilege escalation vulnerability in Xen XAPI permits vm-admin users to perform arbitrary file writes to the dom0 host, compromising the underlying hypervisor security.

Vulnerability

This vulnerability involves an improper authorization check on the VM.platform:hvm_serial parameter. An attacker with vm-admin privileges can modify this parameter, which is intended to be restricted to the pool-admin role, enabling them to execute arbitrary file writes within the dom0 environment.

Business impact

The ability to perform arbitrary file writes in dom0 is equivalent to a full system compromise of the hypervisor. With a CVSS score of 9.4, this vulnerability poses an extreme risk, as it allows an attacker to escape the virtualized environment, modify system binaries, or install persistent backdoors, leading to total loss of confidentiality, integrity, and availability.

Remediation

Immediate Action: Update Xen XAPI to the latest version as specified in the vendor security advisory (XSA-489).

Proactive Monitoring: Monitor dom0 filesystem integrity and audit all administrative actions within the XAPI environment for suspicious parameter modifications.

Compensating Controls: Implement strict network segmentation and firewall rules to limit access to the XAPI management API to known, secure management workstations.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability represents a severe threat to host security and must be treated with the highest priority. Organizations should prioritize patching this issue to prevent potential hypervisor-level compromise and ensure that administrative role restrictions are enforced as designed.