MOKSHA CNA - Independent Security Advisories

Independent security research by Jakob Wolffhechel · Moksha · Copenhagen, Denmark
Last updated: 2026-05-14

Severity Distribution

	Critical	High	Medium	Low	Total
CVSS 3.1	6	31	41	11	89
CVSS 4.0	2	38	47	2	89

All Advisories

MOKSHA ID ▲	GCVE ID	Semantic ID	Title	Severity	JSON
MOKSHA-2026-0001	GCVE-117-2026-0001	BOC-1	Arbitrary Host Device Mount via VBD.other_config backend-local	Critical (9.9)	JSON
MOKSHA-2026-0002	GCVE-117-2026-0002	SMC-1	Storage Protocol Injection via sm_config	Critical (9.9)	JSON
MOKSHA-2026-0003	GCVE-117-2026-0003	VOC-1	System Domain Privilege Escalation via is_system_domain	Critical (9.9)	JSON
MOKSHA-2026-0004	GCVE-117-2026-0004	PDC-1	iSCSI Target Redirection via PBD.device_config	Critical (9.1)	JSON
MOKSHA-2026-0005	GCVE-117-2026-0005	PDC-2	NFS Server Redirection via PBD.device_config	Critical (9.1)	JSON
MOKSHA-2026-0006	GCVE-117-2026-0006	DOC-2	Storage Migration Redirection via VDI.other_config maps_to	High (8.5)	JSON
MOKSHA-2026-0007	GCVE-117-2026-0007	BOC-2	Backend-Kind I/O Driver Type Confusion via VBD.other_config	High (7.5)	JSON
MOKSHA-2026-0008	GCVE-117-2026-0008	VOC-2	Storage Driver Domain PBD Detach DoS via VM.other_config	High (8.2)	JSON
MOKSHA-2026-0009	GCVE-117-2026-0009	PLAT-6	QEMU Serial Host Filesystem Write via VM.platform hvm_serial	High (8.5)	JSON
MOKSHA-2026-0010	GCVE-117-2026-0010	PDC-5	Block Device Path Injection via PBD.device_config	High (8.4)	JSON
MOKSHA-2026-0011	GCVE-117-2026-0011	NOC-1	VIF Backend VM Hijack via Network.other_config backend_vm	High (8.8)	JSON
MOKSHA-2026-0012	GCVE-117-2026-0012	NOC-2	OVS Fail-Mode Denial of Service via Network.other_config	High (8.2)	JSON
MOKSHA-2026-0013	GCVE-117-2026-0013	PLOC-6	Pool-Wide OVS Fail-Mode Denial of Service via Pool.other_config	High (8.2)	JSON
MOKSHA-2026-0014	GCVE-117-2026-0014	PDC-6	Local Initiator IQN Injection via PBD.device_config	High (8.1)	JSON
MOKSHA-2026-0015	GCVE-117-2026-0015	SSMC-2	VHD Format Flag Corruption via SR.sm_config use_vhd	High (7.6)	JSON
MOKSHA-2026-0016	GCVE-117-2026-0016	PLAT-2	PVinPVH Xen Kernel Command-Line Injection via VM.platform	High (7.6)	JSON
MOKSHA-2026-0017	GCVE-117-2026-0017	NOC-3	Static Route Injection via Network.other_config	High (7.6)	JSON
MOKSHA-2026-0018	GCVE-117-2026-0018	PLOC-2	HA Timeout Manipulation via Pool.other_config (Split-Brain/Blindness)	High (7.6)	JSON
MOKSHA-2026-0019	GCVE-117-2026-0019	DOC-1	Tapdisk Memory Pool Injection via VDI.other_config mem-pool	High (8.2)	JSON
MOKSHA-2026-0020	GCVE-117-2026-0020	DOC-4	CBT Metadata Corruption via VDI.other_config content_id	High (7.1)	JSON
MOKSHA-2026-0021	GCVE-117-2026-0021	VIOC-2	Cross-VM Traffic Sniffing via VIF.other_config Promiscuous Mode	High (7.5)	JSON
MOKSHA-2026-0022	GCVE-117-2026-0022	BQP-1	Real-Time I/O Class Abuse via VBD.qos_algorithm_params - Cross-VM Starvation	High (7.5)	JSON
MOKSHA-2026-0023	GCVE-117-2026-0023	PLOC-3	Guest Agent Script Execution Enablement via Pool.other_config	High (7.2)	JSON
MOKSHA-2026-0024	GCVE-117-2026-0024	PDC-3	NFS Mount Option Injection via PBD.device_config	High (7.2)	JSON
MOKSHA-2026-0025	GCVE-117-2026-0025	SSMC-3	Storage Protocol Metadata Poisoning via SR.sm_config (targetIQN/target/LUNid)	High (7.2)	JSON
MOKSHA-2026-0026	GCVE-117-2026-0026	HOC-1	Python Module Import Injection via Host.other_config multipathhandle	Critical (9.1)	JSON
MOKSHA-2026-0027	GCVE-117-2026-0027	POC-2	Gateway/DNS Routing Hijack via PIF.other_config defaultroute/peerdns	High (8.6)	JSON
MOKSHA-2026-0028	GCVE-117-2026-0028	BOC-4	VDI Lifecycle Corruption via VBD.other_config owner Key	High (7.1)	JSON
MOKSHA-2026-0029	GCVE-117-2026-0029	VIOC-1	SR-IOV VIF Whitelist Bypass via VIF.other_config	High (7.1)	JSON
MOKSHA-2026-0030	GCVE-117-2026-0030	VOC-3	XML Injection in Template Provisioning via VM.other_config disks	High (7.1)	JSON
MOKSHA-2026-0031	GCVE-117-2026-0031	XSD-1	Guest Agent Poisoning via VM.xenstore_data vm-data Injection	High (7.1)	JSON
MOKSHA-2026-0032	GCVE-117-2026-0032	XSD-3	Bidirectional Data Exfiltration via VM.xenstore_data Guest-to-XAPI-DB Sync	High (7.1)	JSON
MOKSHA-2026-0033	GCVE-117-2026-0033	VQP-1	Rate Limit Bypass via VIF.qos_algorithm_params Large kbps Overflow	High (7.1)	JSON
MOKSHA-2026-0034	GCVE-117-2026-0034	DOC-5	Coalesce Blocking via VDI.other_config leaf-coalesce	High (7.1)	JSON
MOKSHA-2026-0035	GCVE-117-2026-0035	HOC-2	iSCSI Initiator Identity Spoofing via Host.other_config iscsi_iqn	Medium (6.8)	JSON
MOKSHA-2026-0036	GCVE-117-2026-0036	SOC-2	LVM Configuration Injection via SR.other_config lvm-conf	Medium (6.7)	JSON
MOKSHA-2026-0037	GCVE-117-2026-0037	SOC-3	VHD Test Mode and Failure Injection via SR.other_config testmode	Medium (6.5)	JSON
MOKSHA-2026-0038	GCVE-117-2026-0038	SSMC-1	Provisioning Type Manipulation via SR.sm_config allocation	High (8.7)	JSON
MOKSHA-2026-0039	GCVE-117-2026-0039	SSMC-4	Filesystem Layout Manipulation via SR.sm_config nosubdir/subdir	High (8.5)	JSON
MOKSHA-2026-0040	GCVE-117-2026-0040	PDC-4	CHAP Credential Exposure via PBD.device_config	Medium (6.5)	JSON
MOKSHA-2026-0041	GCVE-117-2026-0041	PLOC-1	Rolling Upgrade State Injection via Pool.other_config	High (7.5)	JSON
MOKSHA-2026-0042	GCVE-117-2026-0042	PLOC-4	SMTP Server Redirection / Credential Exfiltration via Pool.other_config	Medium (6.5)	JSON
MOKSHA-2026-0043	GCVE-117-2026-0043	PLOC-5	PBD Synchronization Bypass via Pool.other_config sync_create_pbds	Medium (6.5)	JSON
MOKSHA-2026-0044	GCVE-117-2026-0044	PLAT-1	QEMU -parallel Path Traversal (VM DoS) via VM.platform	Medium (6.5)	JSON
MOKSHA-2026-0045	GCVE-117-2026-0045	POC-1	Arbitrary Bond Property Injection via PIF.other_config bond-*	Medium (6.5)	JSON
MOKSHA-2026-0046	GCVE-117-2026-0046	POC-3	MTU Manipulation / Network Partition via PIF.other_config	Medium (6.5)	JSON
MOKSHA-2026-0047	GCVE-117-2026-0047	POC-5	DNS Search Domain Injection via PIF.other_config domain	Medium (6.1)	JSON
MOKSHA-2026-0048	GCVE-117-2026-0048	HOC-3	Storage Availability Disruption via Host.other_config multipathing	Medium (5.5)	JSON
MOKSHA-2026-0049	GCVE-117-2026-0049	NOC-4	HIMN Identity Hijack + DHCP Manipulation via Network.other_config	Medium (5.5)	JSON
MOKSHA-2026-0050	GCVE-117-2026-0050	SSMC-5	LUNperVDI Key Injection via SR.sm_config (dead code)	Low (2.7)	JSON
MOKSHA-2026-0051	GCVE-117-2026-0051	DOC-7	Config Drive Misidentification via VDI.other_config config-drive	Medium (5.4)	JSON
MOKSHA-2026-0052	GCVE-117-2026-0052	BOC-5	Leaked VBD Detection Spoofing via task_id/related_to	Medium (5.3)	JSON
MOKSHA-2026-0053	GCVE-117-2026-0053	VIOC-3	MTU Manipulation (0-65535) via VIF.other_config	Medium (5.3)	JSON
MOKSHA-2026-0054	GCVE-117-2026-0054	VOC-4	MAC Address Collision via VM.other_config mac_seed	Medium (5.3)	JSON
MOKSHA-2026-0055	GCVE-117-2026-0055	VOC-5	set_other_config RBAC Bypass for PCI Passthrough Key	Medium (5.3)	JSON
MOKSHA-2026-0056	GCVE-117-2026-0056	VOC-6	Console Access Manipulation via VM.other_config disable_pv_vnc	Medium (5.3)	JSON
MOKSHA-2026-0057	GCVE-117-2026-0057	XSD-2	FIST Namespace Exposure via VM.xenstore_data	Medium (5.3)	JSON
MOKSHA-2026-0058	GCVE-117-2026-0058	XSD-4	Xenstore Quota Exhaustion via VM.xenstore_data	Medium (5.3)	JSON
MOKSHA-2026-0059	GCVE-117-2026-0059	XSD-5	Multi-Tenant Trust Confusion via VM.xenstore_data	Medium (5.3)	JSON
MOKSHA-2026-0060	GCVE-117-2026-0060	BQP-2	Arbitrary Integer Passthrough to ionice via VBD.qos_algorithm_params	Medium (5.3)	JSON
MOKSHA-2026-0061	GCVE-117-2026-0061	BQP-3	I/O Scheduling Downgrade to Idle Class via VBD.qos_algorithm_params	Medium (5.3)	JSON
MOKSHA-2026-0062	GCVE-117-2026-0062	VQP-2	Rate Limit Removal via kbps=0 in VIF.qos_algorithm_params	Medium (5.3)	JSON
MOKSHA-2026-0063	GCVE-117-2026-0063	VQP-3	Negative kbps Injection in VIF.qos_algorithm_params	Medium (5.3)	JSON
MOKSHA-2026-0064	GCVE-117-2026-0064	VXD-1	Database Field Poisoning via VDI.xenstore_data Arbitrary Keys	Medium (5.3)	JSON
MOKSHA-2026-0065	GCVE-117-2026-0065	VXD-2	SCSI Identity Forgery in XAPI Database via VDI.xenstore_data	Medium (5.3)	JSON
MOKSHA-2026-0066	GCVE-117-2026-0066	VXD-3	Metadata Propagation via VDI Snapshot and Clone Operations	Medium (5.3)	JSON
MOKSHA-2026-0067	GCVE-117-2026-0067	VXD-4	Cross-Pool Metadata Injection via VDI.xenstore_data on Pool Join	Medium (5.3)	JSON
MOKSHA-2026-0068	GCVE-117-2026-0068	PLAT-4	Guest Xenstore Data Injection via VM.platform Map	Medium (5.3)	JSON
MOKSHA-2026-0069	GCVE-117-2026-0069	PLAT-5	Hypervisor Security Feature Manipulation via VM.platform (nx/hap)	Medium (5.3)	JSON
MOKSHA-2026-0070	GCVE-117-2026-0070	VIOC-5	Infrastructure Metadata Leak via SR-IOV VIF Xenstore Passthrough	Medium (5.0)	JSON
MOKSHA-2026-0071	GCVE-117-2026-0071	NOC-5	OVS In-Band Management Disablement via Network.other_config	Medium (4.9)	JSON
MOKSHA-2026-0072	GCVE-117-2026-0072	HOC-4	SR Scan Interval Manipulation via Host.other_config auto-scan-interval	Medium (4.9)	JSON
MOKSHA-2026-0073	GCVE-117-2026-0073	SOC-4	SR Destruction Protection Bypass and DoS via SR.other_config indestructible	Medium (4.9)	JSON
MOKSHA-2026-0074	GCVE-117-2026-0074	SOC-5	GC and Coalesce Disablement via SR.other_config	Medium (4.9)	JSON
MOKSHA-2026-0075	GCVE-117-2026-0075	PLOC-7	Memory Ratio Bounds Relaxation via Pool.other_config	Medium (4.9)	JSON
MOKSHA-2026-0076	GCVE-117-2026-0076	POC-4	Network Offload Disablement via PIF.other_config ethtool Keys	Medium (4.9)	JSON
MOKSHA-2026-0077	GCVE-117-2026-0077	VIOC-4	VIF NIC Offload Disablement via VIF.other_config ethtool Keys	Medium (4.3)	JSON
MOKSHA-2026-0078	GCVE-117-2026-0078	DOC-6	Guest Clock Manipulation via VDI.other_config timeoffset	Medium (4.3)	JSON
MOKSHA-2026-0079	GCVE-117-2026-0079	NOC-6	Network Sharing Bypass via Network.other_config assume_network_is_shared	Medium (4.1)	JSON
MOKSHA-2026-0080	GCVE-117-2026-0080	SOC-1	I/O Scheduler Sysfs Injection via SR.other_config scheduler	Low (3.8)	JSON
MOKSHA-2026-0081	GCVE-117-2026-0081	BOC-3	I/O Polling Parameter Manipulation via VBD.other_config polling-duration	Low (3.1)	JSON
MOKSHA-2026-0082	GCVE-117-2026-0082	DOC-3	VDI Lifecycle Behavior Manipulation via VDI.other_config on_boot/cbt_enabled	Low (3.1)	JSON
MOKSHA-2026-0083	GCVE-117-2026-0083	HBP-1	Boot Order Manipulation via VM.HVM_boot_params order	Low (3.1)	JSON
MOKSHA-2026-0084	GCVE-117-2026-0084	HBP-2	Firmware Type Denial of Service via VM.HVM_boot_params firmware	Low (3.1)	JSON
MOKSHA-2026-0085	GCVE-117-2026-0085	LPC-1	Feature Restriction Bypass via Host.license_params restrict_* Keys	Low (2.3)	JSON
MOKSHA-2026-0086	GCVE-117-2026-0086	LPC-2	License Expiry Manipulation via Host.license_params expiry	Low (2.3)	JSON
MOKSHA-2026-0087	GCVE-117-2026-0087	PLAT-3	QEMU Device Model Selection via VM.platform device-model (Limited by Whitelist)	Low (2.3)	JSON
MOKSHA-2026-0088	GCVE-117-2026-0088	VQP-4	Int64 Overflow in bytes_per_interval via VIF.qos_algorithm_params	Low (2.3)	JSON
MOKSHA-2026-0089	GCVE-117-2026-0089	VQP-5	Raw kbps Value Exposure in Private Xenstore via VIF.qos_algorithm_params	Low (2.3)	JSON

Machine-Readable Endpoints

/dumps/gna-117.ndjson — NDJSON dump (BCP-05, one record per line)
/api/gcve/publication — paginated JSON
/index.json — advisory metadata index
/feed.xml — Atom feed

About

Moksha is GCVE Numbering Authority #117 under the Global CVE Allocation System. Advisories are published in BCP-05 format and indexed by Vulnerability-Lookup.

Contact: jakob@wolffhechel.dk · Signal +45 3170 7337

Jakob Wolffhechel · Moksha · Copenhagen
jakob@wolffhechel.dk · +45 3170 7337
Published 2026-04-24 08:00 CEST · cna.moksha.dk