udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

Important: Red Hat Security Advisory: udisks2 security update

An update for udisks2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

RHEL 10 : udisks2 (RHSA-2026:5831)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5831 advisory. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixe...

RockyLinux 10 : udisks2 (RLSA-2026:3476)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3476 advisory. udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization...

RHEL 10 : udisks2 (RHSA-2026:3476)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3476 advisory. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixe...

udisks2 security update

An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Udisks project provides a daemon, tools, and libraries to access and...

udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

ALSA-2026:3476 Important: udisks2 security update

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API CVE-2026-26104 udisks: Missing Authorization Che...

Linux Distros Unpatched Vulnerability : CVE-2026-26103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization...

EUVD-2026-8635

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVE-2026-26104

CVE-2026-26104 affects the udisks storage management daemon. A privileged D-Bus method that exports encryption metadata does not perform a policy check, allowing unprivileged users to back up LUKS header data and potentially read or write sensitive cryptographic metadata to attacker-controlled lo...

CVE-2026-26104 Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVE-2026-26103 Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

Linux Distros Unpatched Vulnerability : CVE-2026-26104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occu...

PT-2026-21896

Name of the Vulnerable Software and Affected Versions udisks affected versions not specified Description A flaw exists in the udisks storage management daemon related to authorization checks for restoring LUKS encryption headers via a privileged D-Bus API. An unprivileged local user can instruct...