Xen Security: Multiple XSA/CVE Issues in Xen, Linux Xen Drivers and XAPI
Posted: Tue Apr 28, 2026 9:52 pm
Xen Security Advisories April 2026: Multiple XSA/CVE Issues in Xen, Linux Xen Drivers and XAPI
Overview
On 28 April 2026, several new Xen Security Advisories were published. These advisories affect different parts of the Xen ecosystem: the Xen hypervisor itself, xenstored/oxenstored, Linux Xen-related drivers, and XAPI.
This is important for VPS providers, hosting platforms, cloud environments, and administrators running Xen-based virtualization.
Official advisory list:
https://xenbits.xen.org/xsa/
---
Affected advisories and CVEs
Overview
On 28 April 2026, several new Xen Security Advisories were published. These advisories affect different parts of the Xen ecosystem: the Xen hypervisor itself, xenstored/oxenstored, Linux Xen-related drivers, and XAPI.
This is important for VPS providers, hosting platforms, cloud environments, and administrators running Xen-based virtualization.
Official advisory list:
https://xenbits.xen.org/xsa/
---
Affected advisories and CVEs
- XSA-489 – Multiple RBAC issues in XAPI
- CVE-2026-23559
- CVE-2026-23560
- CVE-2026-23561
- CVE-2026-23562
- CVE-2026-42486
- XSA-488 – x86: Floating Point Divider State Sampling
- CVE-2025-54505
- XSA-487 – Linux kernel double free in Xen privcmd driver
- CVE-2026-31787
- XSA-486 – grant table v2 race in status page mapping
- CVE-2026-23558
- XSA-485 – Linux kernel out of bounds read via Xen-related