← Advisory Index « MOKSHA-2026-0029 MOKSHA-2026-0031 »

MOKSHA-2026-0030: XML Injection in Template Provisioning via VM.other_config disks

Advisory ID	MOKSHA-2026-0030
Semantic ID	VOC-3
Published	2026-04-24
CVSS 3.1	7.1 High
CVSS 3.1 Vector	`AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L`
CVSS 4.0	7.1 High
CVSS 4.0 Vector	`AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:L/SA:N`
XAPI Object	`VM`
XAPI Field	`other_config:disks`
Entry Role	vm-admin
Researcher	Jakob Wolffhechel, Moksha

Affected Products

Vendor	Product	Versions
Citrix / Cloud Software Group	XenServer / Citrix Hypervisor	all versions (shared XAPI codebase)
Vates	XCP-ng	8.3.0

Summary

A vm-admin can inject crafted XML into VM.other_config:disks, which is parsed via Xml.parse_string during template provisioning at xapi_templates.ml:103-104. The parser expects a <provision><disk .../></provision> structure and extracts device, size, sr, bootable, and type attributes. By injecting malformed XML, an attacker can cause denial of service via parse errors. By injecting well-formed but malicious XML, an attacker can target specific SRs for VDI creation (SR targeting), specify extreme disk sizes to exhaust storage, or inject unexpected disk configurations. The key has no per-key RBAC protection beyond the vm-admin method-level check.

Vulnerability Description

VM.other_config is a Map(String, String) field writable by vm-admin. The disks key is parsed as raw XML during template clone and provisioning operations.

The code path:

vm-admin calls VM.add_to_other_config(vm, "disks", "<malicious XML>")
When the template is cloned or provisioned, XAPI reads and parses:

(* xapi_templates.ml:103-104 *)
disks_of_xml (Xml.parse_string (List.assoc disks_key other_config))

disk_of_xml extracts attributes: device, size, sr, bootable, type
XAPI creates VDIs according to the parsed specification

Attack Vectors

Vector	Mechanism	Impact
Malformed XML	`Xml.parse_string` raises exception on invalid XML	Denial of service - template provisioning fails
Extreme size	`size` attribute set to very large value	Storage exhaustion on target SR
SR targeting	`sr` attribute set to specific SR UUID	VDIs created on attacker-chosen SR (bypassing intended placement)
Disk count inflation	Many `<disk>` elements in the XML	Resource exhaustion via mass VDI creation

Root Causes

Missing RBAC protection. VM.other_config has zero map_keys_roles entries for the disks key. vm-admin can write arbitrary values.
Structural validation only. Xml.parse_string validates XML syntax but does not enforce a schema. Any well-formed XML is accepted. No validation on attribute values (size range, SR existence, device validity).
Backend trust assumption. xapi_templates.ml assumes the disks key contains legitimate provisioning data set by a trusted template creator.

Affected Systems

Directly Affected

XenServer / Citrix Hypervisor - all versions (shared XAPI codebase)
XCP-ng 8.3 - confirmed (source trace)

Indirectly Affected

Storage repositories - targeted by SR-specific VDI creation
Template consumers - templates with injected disk specifications create unexpected VMs

Exploitation Scenarios

Scenario	Impact	Pre-conditions	Status
Provisioning DoS	Template clone/provisioning fails with XML parse error	vm-admin, template provisioning workflow	Source-traced
Storage exhaustion	VDIs with extreme sizes created on target SR	vm-admin, template provisioning	Source-traced
SR targeting	VDIs created on attacker-chosen SR instead of intended SR	vm-admin, knowledge of SR UUIDs	Source-traced
Resource exhaustion	Mass VDI creation via many `<disk>` elements	vm-admin, template provisioning	Modeled

Detection

Monitor VM.other_config writes for the disks key from API users
Alert on disks values that do not match the expected <provision><disk .../></provision> structure
Monitor for unexpected VDI creation events during template provisioning
See rule V-03 in disclosure/vendor-detection-guidance.md

Remediation

Short-Term Mitigations

Audit all template VMs for unexpected disks values in other_config
Monitor VDI creation events for unexpected SR targeting or extreme sizes
Restrict vm-admin role grants for template management

Long-Term Fix

Schema validation. Validate the disks XML against a strict schema before parsing. Reject any XML that does not conform to the expected <provision><disk .../></provision> structure.

Attribute validation. Validate size against reasonable bounds. Validate sr against the set of SRs the user is authorized to access. Validate device against known device positions.

Add map_keys_roles. Protect disks in datamodel.ml at _R_POOL_ADMIN to prevent vm-admin from modifying template provisioning specifications.

Upstream patches exist. They are held privately pending coordinated disclosure.

Disclosure

Disclosure:

Public release: 2026-04-24 08:00 CEST
CERT/CC notified: 2026-04-23
MITRE CVE reservation filed: 2026-04-09 (no response as of publication)
EU CVE registers notified: 2026-04-18 (GCVE/CIRCL, ENISA, DIVD - no response)
Vendor (Cloud Software Group / Citrix): not contacted pre-publication
Downstream maintainer (Vates/XCP-ng): contacted 2026-04-23 with conditional patch offer

References

XAPI source: xapi_templates.ml:103-104 (XML parsing), xapi_templates.ml:63-117 (disk_of_xml attribute extraction), datamodel.ml (VM field definition)
Thematic advisory: disclosure/advisories/voc-security-advisory.md (VOC-3)
Investigation: research/investigations/vm-other-config.md

Credits

Discovered and reported by Jakob Wolffhechel, Moksha.

Machine-readable: MOKSHA-2026-0030.json (CVE JSON 5.1 schema)

← Advisory Index « MOKSHA-2026-0029 MOKSHA-2026-0031 »

Jakob Wolffhechel · Moksha · Copenhagen
jakob@wolffhechel.dk · +45 3170 7337
Published 2026-04-24 08:00 CEST · cna.moksha.dk · shittrix.moksha.dk