CVE-2026-26104
Received Received - Intake
Unauthorized Access in udisks Allows LUKS Header Exposure

Publication date: 2026-02-25

Last updated on: 2026-03-25

Assigner: Red Hat, Inc.

Description
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26104
EUVD
EUVD-2026-8635
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 10.0
freedesktop udisks 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the udisks storage management daemon on Linux systems. It allows unprivileged local users to back up LUKS encryption headers without proper authorization because a privileged D-Bus method responsible for exporting encryption metadata does not perform a required policy check.

Specifically, the method org.freedesktop.UDisks2.Encrypted.HeaderBackup fails to enforce polkit authorization, enabling attackers to invoke the root-owned udisks daemon to export sensitive cryptographic material, such as LUKS headers and keyslot metadata, to locations they control.

Impact Analysis

This vulnerability can impact you by exposing sensitive cryptographic metadata related to encrypted storage volumes without your authorization.

An attacker with local access can extract LUKS encryption headers and keyslot information, which weakens the confidentiality guarantees of your encrypted storage. This could potentially aid in further attacks to decrypt or compromise your encrypted data.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves an unprivileged local user invoking the org.freedesktop.UDisks2.Encrypted.HeaderBackup D-Bus method to export LUKS encryption headers without authorization.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can monitor D-Bus calls to the org.freedesktop.UDisks2.Encrypted.HeaderBackup method on the system bus.'}, {'type': 'paragraph', 'content': 'Suggested commands include using dbus-monitor to watch for calls to this method:'}, {'type': 'list_item', 'content': 'sudo dbus-monitor --system "type=\'method_call\',interface=\'org.freedesktop.UDisks2.Encrypted\',member=\'HeaderBackup\'"'}, {'type': 'paragraph', 'content': 'Additionally, reviewing system logs for unusual file writes or access to LUKS header backup files may help detect exploitation.'}] [1]

Mitigation Strategies

Immediate mitigation steps include updating the udisks package to a version where the authorization check is properly enforced in the HeaderBackup D-Bus method.

If an update is not immediately available, restrict access to the system D-Bus or limit unprivileged user access to the udisks daemon.

Monitoring and alerting on suspicious D-Bus calls to the HeaderBackup method can also help in early detection and response.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26104. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart