CVE-2026-26103
Received Received - Intake
Privilege Escalation in Udisks via Unauthorized LUKS Header Restore

Publication date: 2026-02-25

Last updated on: 2026-03-25

Assigner: Red Hat, Inc.

Description
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26103
EUVD
EUVD-2026-8634
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 10.0
freedesktop udisks 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the udisks storage management daemon on Linux systems. It is caused by a missing authorization check in the RestoreEncryptedHeader D-Bus method, which allows any local unprivileged user to invoke a privileged function without proper permission verification.

Specifically, the handler function responsible for restoring LUKS encryption headers does not verify user permissions, enabling an attacker to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices.

This unauthorized action can permanently destroy encryption keys and render encrypted volumes inaccessible, resulting in irreversible data loss and a denial-of-service condition.

Impact Analysis

The vulnerability allows a local unprivileged user to cause permanent damage to encrypted storage volumes by overwriting LUKS encryption headers without authorization.

This leads to irreversible loss of encryption keys and makes the encrypted data inaccessible.

As a result, affected systems can experience a denial-of-service condition due to permanent data loss on encrypted devices.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves a missing authorization check in the udisks daemon's D-Bus API, allowing local unprivileged users to invoke the RestoreEncryptedHeader method. Detection involves monitoring or auditing calls to the org.freedesktop.UDisks2.Block.RestoreEncryptedHeader D-Bus method."}, {'type': 'paragraph', 'content': 'You can check for suspicious D-Bus method calls related to RestoreEncryptedHeader by using commands such as:'}, {'type': 'list_item', 'content': 'Use dbus-monitor to watch for calls to the RestoreEncryptedHeader method: dbus-monitor --system "type=\'method_call\',interface=\'org.freedesktop.UDisks2.Block\',member=\'RestoreEncryptedHeader\'"'}, {'type': 'list_item', 'content': 'Check system logs (e.g., journalctl) for any unusual activity or errors related to udisks or LUKS header restoration.'}, {'type': 'list_item', 'content': 'Audit local user activity for attempts to invoke D-Bus methods on the system bus without proper authorization.'}] [1]

Mitigation Strategies

To mitigate this vulnerability, immediate steps include restricting access to the vulnerable D-Bus method and applying any available patches or updates to the udisks package.

Specifically:

  • Apply security updates or patches provided by your Linux distribution that fix the missing authorization check in udisks.
  • Restrict local user permissions to prevent unprivileged users from accessing the org.freedesktop.UDisks2.Block.RestoreEncryptedHeader D-Bus method.
  • Consider temporarily disabling or limiting the udisks daemon if patching is not immediately possible.
  • Monitor system logs and D-Bus activity for any attempts to exploit this vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26103. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart