{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "MOKSHA-2026-0011",
    "assignerOrgId": "moksha.dk",
    "x_moksha_note": "Self-issued advisory. MOKSHA-2026-NNNN is not a MITRE CVE ID. Schema follows CVE JSON 5.1 for tooling compatibility. CVE ID will be added to alternateIds when assigned by MITRE or another CNA.",
    "state": "PUBLISHED",
    "datePublished": "2026-04-24T06:00:00Z"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "moksha.dk",
        "shortName": "Moksha",
        "dateUpdated": "2026-04-24T06:00:00Z"
      },
      "title": "VIF Backend VM Hijack via Network.other_config backend_vm",
      "descriptions": [
        {
          "lang": "en",
          "value": "A pool-operator in XAPI-based hypervisors (XenServer, XCP-ng) can redirect all VIF traffic on a network through an attacker-controlled VM by setting Network.other_config:backend_vm to a VM UUID they control. XAPI reads this key in xapi_xenops.ml and returns Network.Remote(backend_vm, bridge) instead of Network.Local(bridge) for all subsequent VIF creations on that network. All VMs connected to the network have their traffic routed through the attacker VM, enabling traffic interception, credential sniffing, and man-in-the-middle attacks."
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "baseScore": 8.4,
            "baseSeverity": "HIGH"
          }
        },
        {
          "format": "CVSS",
          "cvssV4_0": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "affected": [
        {
          "vendor": "Cloud Software Group",
          "product": "XenServer",
          "versions": [
            { "status": "affected", "version": "all", "versionType": "custom" }
          ]
        },
        {
          "vendor": "Vates",
          "product": "XCP-ng",
          "versions": [
            { "status": "affected", "version": "all", "versionType": "custom" }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Missing Authorization",
              "cweId": "CWE-862",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Input Validation",
              "cweId": "CWE-20",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        { "url": "https://cna.moksha.dk/MOKSHA-2026-0011" }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jakob Wolffhechel, Moksha"
        }
      ]
    }
  }
}