CVE-2026-26104
Unauthorized Access in udisks Allows LUKS Header Exposure
Publication date: 2026-02-25
Last updated on: 2026-03-25
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 10.0 |
| freedesktop | udisks | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the udisks storage management daemon on Linux systems. It allows unprivileged local users to back up LUKS encryption headers without proper authorization because a privileged D-Bus method responsible for exporting encryption metadata does not perform a required policy check.
Specifically, the method org.freedesktop.UDisks2.Encrypted.HeaderBackup fails to enforce polkit authorization, enabling attackers to invoke the root-owned udisks daemon to export sensitive cryptographic material, such as LUKS headers and keyslot metadata, to locations they control.
How can this vulnerability impact me? :
This vulnerability can impact you by exposing sensitive cryptographic metadata related to encrypted storage volumes without your authorization.
An attacker with local access can extract LUKS encryption headers and keyslot information, which weakens the confidentiality guarantees of your encrypted storage. This could potentially aid in further attacks to decrypt or compromise your encrypted data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves an unprivileged local user invoking the org.freedesktop.UDisks2.Encrypted.HeaderBackup D-Bus method to export LUKS encryption headers without authorization.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can monitor D-Bus calls to the org.freedesktop.UDisks2.Encrypted.HeaderBackup method on the system bus.'}, {'type': 'paragraph', 'content': 'Suggested commands include using dbus-monitor to watch for calls to this method:'}, {'type': 'list_item', 'content': 'sudo dbus-monitor --system "type=\'method_call\',interface=\'org.freedesktop.UDisks2.Encrypted\',member=\'HeaderBackup\'"'}, {'type': 'paragraph', 'content': 'Additionally, reviewing system logs for unusual file writes or access to LUKS header backup files may help detect exploitation.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the udisks package to a version where the authorization check is properly enforced in the HeaderBackup D-Bus method.
If an update is not immediately available, restrict access to the system D-Bus or limit unprivileged user access to the udisks daemon.
Monitoring and alerting on suspicious D-Bus calls to the HeaderBackup method can also help in early detection and response.