Description
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
Published: 2026-02-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Confidentiality Breach
Action: Apply Patch
AI Analysis

Impact

A missing authorization check in the udisks storage-management daemon lets any unprivileged local user call a D-Bus method that exports (backs up) LUKS encryption headers. Because the method performs no policy check, the caller can read the header and write a copy to a location of their choosing. A LUKS header does not contain a plaintext key, but the header region a backup captures contains everything an offline attack needs: cipher, hash and KDF parameters, the per-slot salts and iteration counts, the master-key digest, and the key slots holding the master key wrapped under each passphrase. With a copy, passphrases can be guessed offline with no further access to the machine, and a slot the administrator later revokes on the live volume remains attackable in the copy. This is a textbook instance of CWE-862 (Missing Authorization): the flaw yields no decrypted data by itself, but it strips away the access control that the confidentiality of the volume otherwise depends on.

Affected Systems

Red Hat's CPE data lists RHEL 6, 7, 8, 9 and 10, including RHEL 10.1 and the 10.0 Extended Update Support branch. The upstream Freedesktop udisks CPE is recorded as version 2.0.0, which is a catalog placeholder rather than a statement that only that version is affected; on RHEL the package is udisks2. Administrators should compare the installed udisks2 package against the version shipped in the applicable advisory rather than rely on the CPE list, and confirm that the daemon actually running is the updated one.

Risk and Exploitability

With a CVSS 3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) the severity is moderate: the attack vector is local, a low-privilege account suffices, no user interaction is needed, and the impact is confined to confidentiality. An EPSS score below 1% indicates a very low estimated probability of exploitation at this time, the vulnerability is not in the CISA Known Exploited Vulnerabilities catalog, and the SSVC assessment records it as not automatable with no known exploitation. Exploitation runs over the local D-Bus system bus, so no network exposure is required, but any shell account, including a compromised service account or a user on a shared workstation, meets the precondition. The practical risk is that a copied header enables offline passphrase guessing at whatever cost the volume's KDF parameters impose, and that the copy keeps working against passphrases or key slots that are later changed or removed on the live volume. Prompt remediation is advised, particularly on multi-user systems.
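To make concrete what a header copy hands an attacker, as discussed in the Impact and Risk sections above, here is an added example that is not code from udisks, cryptsetup or this advisory: a parser for the LUKS1 on-disk header run over a constructed sample header. The field layout and the key-slot marker constants follow the LUKS1 specification; the sample volume, its UUID, salts and iteration counts are invented for the demonstration. LUKS2 stores the same classes of information in a JSON metadata area instead.

```python
import hashlib
import struct

# LUKS1 on-disk header layout (LUKS1 spec / cryptsetup struct luks_phdr).
# All integers are big-endian. Fixed part: 208 bytes; then 8 key slots of 48 bytes.
LUKS_MAGIC = b"LUKS\xba\xbe"
KEY_ENABLED = 0x00AC71F3      # slot holds a wrapped copy of the master key
KEY_DISABLED = 0x0000DEAD     # slot is empty
FIXED_FMT = ">6sH32s32s32sII20s32sI40s"
SLOT_FMT = ">II32sII"
FIXED_LEN = struct.calcsize(FIXED_FMT)   # 208
SLOT_LEN = struct.calcsize(SLOT_FMT)     # 48
HEADER_LEN = FIXED_LEN + 8 * SLOT_LEN    # 592


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def parse_luks1_header(blob: bytes) -> dict:
    """Decode the fixed part of a LUKS1 header plus its eight key slots."""
    if len(blob) < HEADER_LEN or blob[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS1 header")
    (_, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iters, uuid) = struct.unpack_from(FIXED_FMT, blob, 0)
    if version != 1:
        raise ValueError(f"unsupported LUKS header version {version}")
    slots = []
    for i in range(8):
        active, iters, salt, km_off, stripes = struct.unpack_from(
            SLOT_FMT, blob, FIXED_LEN + i * SLOT_LEN)
        slots.append({"index": i, "active": active == KEY_ENABLED,
                      "iterations": iters, "salt": salt,
                      "key_material_offset": km_off, "stripes": stripes})
    return {"cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hashspec),
            "payload_offset": payload_off, "key_bytes": key_bytes,
            "mk_digest": mk_digest, "mk_salt": mk_salt, "mk_iterations": mk_iters,
            "uuid": _cstr(uuid), "slots": slots}


def active_slots(header: dict) -> list:
    """Indices of key slots an attacker can target for offline guessing."""
    return [s["index"] for s in header["slots"] if s["active"]]


def master_key_matches(header: dict, candidate: bytes) -> bool:
    """The check cryptsetup performs after unwrapping a key slot: PBKDF2 of the
    candidate master key over mk_salt must equal the stored 20-byte digest.
    With the header in hand this verification needs nothing from the host."""
    digest = hashlib.pbkdf2_hmac(header["hash"], candidate, header["mk_salt"],
                                 header["mk_iterations"], 20)
    return digest == header["mk_digest"]


def sample_master_key() -> bytes:
    """Deterministic 32-byte master key for the constructed sample volume."""
    return hashlib.sha256(b"constructed demo master key").digest()


def build_sample_header(master_key: bytes, mk_iterations: int = 1000) -> bytes:
    """Constructed sample header (not a real disk image): aes-xts-plain64 with
    sha256, slots 0 and 2 active, the rest disabled. The master-key digest is
    computed the way cryptsetup does, so master_key_matches() succeeds."""
    mk_salt = bytes(range(32))
    mk_digest = hashlib.pbkdf2_hmac("sha256", master_key, mk_salt, mk_iterations, 20)
    fixed = struct.pack(FIXED_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                        4096, len(master_key), mk_digest, mk_salt, mk_iterations,
                        b"0c7ea6fd-0000-4000-8000-000000000000")  # invented UUID
    slots = b""
    for i in range(8):
        if i in (0, 2):
            slots += struct.pack(SLOT_FMT, KEY_ENABLED, 250_000 + i,
                                 bytes([i]) * 32, 8 + i * 256, 4000)
        else:
            slots += struct.pack(SLOT_FMT, KEY_DISABLED, 0, bytes(32), 8 + i * 256, 4000)
    return fixed + slots


if __name__ == "__main__":
    mk = sample_master_key()
    hdr = parse_luks1_header(build_sample_header(mk))
    print(f"{hdr['cipher']}-{hdr['mode']} / {hdr['hash']}, uuid {hdr['uuid']}")
    for i in active_slots(hdr):
        s = hdr["slots"][i]
        print(f"slot {i}: {s['iterations']} PBKDF2 iterations, salt {s['salt'].hex()}")
    print("master key verifies against header digest:", master_key_matches(hdr, mk))
```

The parser shows why the header is sensitive even though it holds no plaintext key: every active slot advertises its salt and iteration count, and the digest lets a guessed master key be confirmed offline. A real attack would first derive a key from each passphrase guess with PBKDF2 and unwrap the slot's anti-forensic key material, which lies in the key-slot areas that a header backup also captures, so the copy is self-sufficient.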

Generated by OpenCVE AI on April 16, 2026 at 16:14 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.


OpenCVE Recommended Actions

  • Install the Red Hat update RHSA-2026:3476 (or RHSA-2026:5831 for RHEL 10) that contains the patched udisks2 package.
  • Restart the udisks2 service (or reboot) so that the updated daemon replaces the running one; a daemon started before the update keeps executing the old code.
  • Confirm the fix: the package manager's update-info listing should show the advisory as installed, and a header backup attempted from an unprivileged local account should now be refused by the daemon's authorization check instead of succeeding.

Generated by OpenCVE AI on April 16, 2026 at 16:14 UTC.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
CPEs cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
References

Fri, 13 Mar 2026 01:00:00 +0000


Mon, 02 Mar 2026 07:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.1
References

Fri, 27 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
First Time appeared Freedesktop
Freedesktop udisks
CPEs cpe:2.3:a:freedesktop:udisks:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Freedesktop
Freedesktop udisks

Wed, 25 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 25 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
Title Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-862
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-25T18:52:14.488Z

Reserved: 2026-02-11T12:48:26.436Z

Link: CVE-2026-26104

Vulnrichment

Updated: 2026-02-25T20:49:14.628Z

NVD

Status : Modified

Published: 2026-02-25T11:16:03.193

Modified: 2026-03-25T19:16:48.227

Link: CVE-2026-26104

Red Hat

Severity : Moderate

Public Date: 2026-02-25T06:00:00Z

Links: CVE-2026-26104 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T16:15:08Z

Weaknesses