What is CVE-2026-23557?

CVE-2026-23557 is a medium-severity vulnerability in Xen, classified under Reachable Assertion. CVSS score: 6.5/10. Published 2026-05-19.

How severe is CVE-2026-23557?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Xen

CVE-2026-23557

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in thi…

EPSS: 0.000 (2.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Xen — versions consult Xen advisory XSA-484

Weakness classification (CWE)

CWE-617 — Reachable Assertion

References

security@xen.org (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 (Patch, Mailing List, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 (Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-23557?: CVE-2026-23557 is a medium-severity vulnerability in Xen, classified under Reachable Assertion. CVSS score: 6.5/10. Published 2026-05-19.
How severe is CVE-2026-23557?: Medium severity. CVSS v3 base score is 6.5 out of 10.