Severity by source
Network MitM required (AV:N, AC:H); no privileges needed on target; high confidentiality and integrity impact via session hijack and data tampering; no availability impact described.
Lifecycle Timeline
2Description PRE-NVD
AnalysisAI
Missing TLS certificate validation in the XAPI C# and PowerShell SDK bindings - specifically on secondary HTTP handler connections used for disk image transfers, host backups, RRD data, and patch delivery - allows a network-positioned attacker to intercept communications between third-party management tools and Xen hypervisor hosts. Successful Man-in-the-Middle exploitation can yield stolen administrative session tokens, enabling full hypervisor session hijack, or permit tampering with critical data such as imported disk images and host update packages in transit. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a network Man-in-the-Middle position on the path between a program using the XAPI C# or PowerShell SDK and the XAPI host - for example, via ARP spoofing on the management VLAN or control of an intermediary network device. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No official CVSS score is provided for this CVE; the following assessment is independently derived. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with access to the management network segment - achieved via ARP spoofing, DNS poisoning, or a compromised network device - transparently proxies the secondary HTTP handler connection initiated by a third-party orchestration tool using the XAPI C# or PowerShell SDK. Because certificate validation is absent on this connection, the attacker presents a forged TLS certificate, decrypts the traffic, and extracts the XAPI session token in cleartext; that token is then reused out-of-band to issue arbitrary administrative commands against the hypervisor host. … |
| Remediation | Apply the official patch xsa498.patch to the XAPI master branch (SHA-256: f2db9e16561edc59b920e0ed95cce3a19147abc6eb2b8500bd73b87dc285d4ba), referenced at https://seclists.org/oss-sec/2026/q3/142. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit network paths connecting management tools to Xen hosts and map the extent of credential and data exposure in transit; identify any air-gapped or fully encrypted communication channels currently in use. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today