{ "publisher": "Moksha", "site": "https://cna.moksha.dk/", "published": "2026-04-24T06:00:00Z", "gcve_gna": { "id": 117, "short_name": "Moksha", "prefix": "GCVE-117" }, "count": 89, "advisories": [ { "moksha_id": "MOKSHA-2026-0001", "gcve_id": "GCVE-117-2026-0001", "semantic_id": "BOC-1", "title": "Arbitrary Host Device Mount via VBD.other_config backend-local", "cvss_3_1_score": 9.9, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 9.4, "cvss_4_0_severity": "Critical", "url": "https://cna.moksha.dk/MOKSHA-2026-0001", "json": "https://cna.moksha.dk/MOKSHA-2026-0001.json" }, { "moksha_id": "MOKSHA-2026-0002", "gcve_id": "GCVE-117-2026-0002", "semantic_id": "SMC-1", "title": "Storage Protocol Injection via sm_config", "cvss_3_1_score": 9.9, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 8.6, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0002", "json": "https://cna.moksha.dk/MOKSHA-2026-0002.json" }, { "moksha_id": "MOKSHA-2026-0003", "gcve_id": "GCVE-117-2026-0003", "semantic_id": "VOC-1", "title": "System Domain Privilege Escalation via is_system_domain", "cvss_3_1_score": 9.9, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 8.6, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0003", "json": "https://cna.moksha.dk/MOKSHA-2026-0003.json" }, { "moksha_id": "MOKSHA-2026-0004", "gcve_id": "GCVE-117-2026-0004", "semantic_id": "PDC-1", "title": "iSCSI Target Redirection via PBD.device_config", "cvss_3_1_score": 9.1, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 8.7, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0004", "json": "https://cna.moksha.dk/MOKSHA-2026-0004.json" }, { "moksha_id": "MOKSHA-2026-0005", "gcve_id": "GCVE-117-2026-0005", "semantic_id": "PDC-2", "title": "NFS Server Redirection via PBD.device_config", "cvss_3_1_score": 9.1, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 8.7, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0005", "json": "https://cna.moksha.dk/MOKSHA-2026-0005.json" }, { "moksha_id": "MOKSHA-2026-0006", "gcve_id": "GCVE-117-2026-0006", "semantic_id": "DOC-2", "title": "Storage Migration Redirection via VDI.other_config maps_to", "cvss_3_1_score": 8.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.8, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0006", "json": "https://cna.moksha.dk/MOKSHA-2026-0006.json" }, { "moksha_id": "MOKSHA-2026-0007", "gcve_id": "GCVE-117-2026-0007", "semantic_id": "BOC-2", "title": "Backend-Kind I/O Driver Type Confusion via VBD.other_config", "cvss_3_1_score": 7.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.1, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0007", "json": "https://cna.moksha.dk/MOKSHA-2026-0007.json" }, { "moksha_id": "MOKSHA-2026-0008", "gcve_id": "GCVE-117-2026-0008", "semantic_id": "VOC-2", "title": "Storage Driver Domain PBD Detach DoS via VM.other_config", "cvss_3_1_score": 8.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.4, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0008", "json": "https://cna.moksha.dk/MOKSHA-2026-0008.json" }, { "moksha_id": "MOKSHA-2026-0009", "gcve_id": "GCVE-117-2026-0009", "semantic_id": "PLAT-6", "title": "QEMU Serial Host Filesystem Write via VM.platform hvm_serial", "cvss_3_1_score": 8.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.5, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0009", "json": "https://cna.moksha.dk/MOKSHA-2026-0009.json" }, { "moksha_id": "MOKSHA-2026-0010", "gcve_id": "GCVE-117-2026-0010", "semantic_id": "PDC-5", "title": "Block Device Path Injection via PBD.device_config", "cvss_3_1_score": 8.4, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.1, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0010", "json": "https://cna.moksha.dk/MOKSHA-2026-0010.json" }, { "moksha_id": "MOKSHA-2026-0011", "gcve_id": "GCVE-117-2026-0011", "semantic_id": "NOC-1", "title": "VIF Backend VM Hijack via Network.other_config backend_vm", "cvss_3_1_score": 8.8, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.6, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0011", "json": "https://cna.moksha.dk/MOKSHA-2026-0011.json" }, { "moksha_id": "MOKSHA-2026-0012", "gcve_id": "GCVE-117-2026-0012", "semantic_id": "NOC-2", "title": "OVS Fail-Mode Denial of Service via Network.other_config", "cvss_3_1_score": 8.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.2, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0012", "json": "https://cna.moksha.dk/MOKSHA-2026-0012.json" }, { "moksha_id": "MOKSHA-2026-0013", "gcve_id": "GCVE-117-2026-0013", "semantic_id": "PLOC-6", "title": "Pool-Wide OVS Fail-Mode Denial of Service via Pool.other_config", "cvss_3_1_score": 8.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.2, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0013", "json": "https://cna.moksha.dk/MOKSHA-2026-0013.json" }, { "moksha_id": "MOKSHA-2026-0014", "gcve_id": "GCVE-117-2026-0014", "semantic_id": "PDC-6", "title": "Local Initiator IQN Injection via PBD.device_config", "cvss_3_1_score": 8.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.8, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0014", "json": "https://cna.moksha.dk/MOKSHA-2026-0014.json" }, { "moksha_id": "MOKSHA-2026-0015", "gcve_id": "GCVE-117-2026-0015", "semantic_id": "SSMC-2", "title": "VHD Format Flag Corruption via SR.sm_config use_vhd", "cvss_3_1_score": 7.6, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.4, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0015", "json": "https://cna.moksha.dk/MOKSHA-2026-0015.json" }, { "moksha_id": "MOKSHA-2026-0016", "gcve_id": "GCVE-117-2026-0016", "semantic_id": "PLAT-2", "title": "PVinPVH Xen Kernel Command-Line Injection via VM.platform", "cvss_3_1_score": 7.6, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.5, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0016", "json": "https://cna.moksha.dk/MOKSHA-2026-0016.json" }, { "moksha_id": "MOKSHA-2026-0017", "gcve_id": "GCVE-117-2026-0017", "semantic_id": "NOC-3", "title": "Static Route Injection via Network.other_config", "cvss_3_1_score": 7.6, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.0, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0017", "json": "https://cna.moksha.dk/MOKSHA-2026-0017.json" }, { "moksha_id": "MOKSHA-2026-0018", "gcve_id": "GCVE-117-2026-0018", "semantic_id": "PLOC-2", "title": "HA Timeout Manipulation via Pool.other_config (Split-Brain/Blindness)", "cvss_3_1_score": 7.6, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.2, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0018", "json": "https://cna.moksha.dk/MOKSHA-2026-0018.json" }, { "moksha_id": "MOKSHA-2026-0019", "gcve_id": "GCVE-117-2026-0019", "semantic_id": "DOC-1", "title": "Tapdisk Memory Pool Injection via VDI.other_config mem-pool", "cvss_3_1_score": 8.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.8, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0019", "json": "https://cna.moksha.dk/MOKSHA-2026-0019.json" }, { "moksha_id": "MOKSHA-2026-0020", "gcve_id": "GCVE-117-2026-0020", "semantic_id": "DOC-4", "title": "CBT Metadata Corruption via VDI.other_config content_id", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0020", "json": "https://cna.moksha.dk/MOKSHA-2026-0020.json" }, { "moksha_id": "MOKSHA-2026-0021", "gcve_id": "GCVE-117-2026-0021", "semantic_id": "VIOC-2", "title": "Cross-VM Traffic Sniffing via VIF.other_config Promiscuous Mode", "cvss_3_1_score": 7.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 6.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0021", "json": "https://cna.moksha.dk/MOKSHA-2026-0021.json" }, { "moksha_id": "MOKSHA-2026-0022", "gcve_id": "GCVE-117-2026-0022", "semantic_id": "BQP-1", "title": "Real-Time I/O Class Abuse via VBD.qos_algorithm_params - Cross-VM Starvation", "cvss_3_1_score": 7.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0022", "json": "https://cna.moksha.dk/MOKSHA-2026-0022.json" }, { "moksha_id": "MOKSHA-2026-0023", "gcve_id": "GCVE-117-2026-0023", "semantic_id": "PLOC-3", "title": "Guest Agent Script Execution Enablement via Pool.other_config", "cvss_3_1_score": 7.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.2, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0023", "json": "https://cna.moksha.dk/MOKSHA-2026-0023.json" }, { "moksha_id": "MOKSHA-2026-0024", "gcve_id": "GCVE-117-2026-0024", "semantic_id": "PDC-3", "title": "NFS Mount Option Injection via PBD.device_config", "cvss_3_1_score": 7.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0024", "json": "https://cna.moksha.dk/MOKSHA-2026-0024.json" }, { "moksha_id": "MOKSHA-2026-0025", "gcve_id": "GCVE-117-2026-0025", "semantic_id": "SSMC-3", "title": "Storage Protocol Metadata Poisoning via SR.sm_config (targetIQN/target/LUNid)", "cvss_3_1_score": 7.2, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.4, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0025", "json": "https://cna.moksha.dk/MOKSHA-2026-0025.json" }, { "moksha_id": "MOKSHA-2026-0026", "gcve_id": "GCVE-117-2026-0026", "semantic_id": "HOC-1", "title": "Python Module Import Injection via Host.other_config multipathhandle", "cvss_3_1_score": 9.1, "cvss_3_1_severity": "Critical", "cvss_4_0_score": 9.3, "cvss_4_0_severity": "Critical", "url": "https://cna.moksha.dk/MOKSHA-2026-0026", "json": "https://cna.moksha.dk/MOKSHA-2026-0026.json" }, { "moksha_id": "MOKSHA-2026-0027", "gcve_id": "GCVE-117-2026-0027", "semantic_id": "POC-2", "title": "Gateway/DNS Routing Hijack via PIF.other_config defaultroute/peerdns", "cvss_3_1_score": 8.6, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.6, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0027", "json": "https://cna.moksha.dk/MOKSHA-2026-0027.json" }, { "moksha_id": "MOKSHA-2026-0028", "gcve_id": "GCVE-117-2026-0028", "semantic_id": "BOC-4", "title": "VDI Lifecycle Corruption via VBD.other_config owner Key", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0028", "json": "https://cna.moksha.dk/MOKSHA-2026-0028.json" }, { "moksha_id": "MOKSHA-2026-0029", "gcve_id": "GCVE-117-2026-0029", "semantic_id": "VIOC-1", "title": "SR-IOV VIF Whitelist Bypass via VIF.other_config", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0029", "json": "https://cna.moksha.dk/MOKSHA-2026-0029.json" }, { "moksha_id": "MOKSHA-2026-0030", "gcve_id": "GCVE-117-2026-0030", "semantic_id": "VOC-3", "title": "XML Injection in Template Provisioning via VM.other_config disks", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.1, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0030", "json": "https://cna.moksha.dk/MOKSHA-2026-0030.json" }, { "moksha_id": "MOKSHA-2026-0031", "gcve_id": "GCVE-117-2026-0031", "semantic_id": "XSD-1", "title": "Guest Agent Poisoning via VM.xenstore_data vm-data Injection", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0031", "json": "https://cna.moksha.dk/MOKSHA-2026-0031.json" }, { "moksha_id": "MOKSHA-2026-0032", "gcve_id": "GCVE-117-2026-0032", "semantic_id": "XSD-3", "title": "Bidirectional Data Exfiltration via VM.xenstore_data Guest-to-XAPI-DB Sync", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0032", "json": "https://cna.moksha.dk/MOKSHA-2026-0032.json" }, { "moksha_id": "MOKSHA-2026-0033", "gcve_id": "GCVE-117-2026-0033", "semantic_id": "VQP-1", "title": "Rate Limit Bypass via VIF.qos_algorithm_params Large kbps Overflow", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0033", "json": "https://cna.moksha.dk/MOKSHA-2026-0033.json" }, { "moksha_id": "MOKSHA-2026-0034", "gcve_id": "GCVE-117-2026-0034", "semantic_id": "DOC-5", "title": "Coalesce Blocking via VDI.other_config leaf-coalesce", "cvss_3_1_score": 7.1, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.1, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0034", "json": "https://cna.moksha.dk/MOKSHA-2026-0034.json" }, { "moksha_id": "MOKSHA-2026-0035", "gcve_id": "GCVE-117-2026-0035", "semantic_id": "HOC-2", "title": "iSCSI Initiator Identity Spoofing via Host.other_config iscsi_iqn", "cvss_3_1_score": 6.8, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 6.9, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0035", "json": "https://cna.moksha.dk/MOKSHA-2026-0035.json" }, { "moksha_id": "MOKSHA-2026-0036", "gcve_id": "GCVE-117-2026-0036", "semantic_id": "SOC-2", "title": "LVM Configuration Injection via SR.other_config lvm-conf", "cvss_3_1_score": 6.7, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 7.0, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0036", "json": "https://cna.moksha.dk/MOKSHA-2026-0036.json" }, { "moksha_id": "MOKSHA-2026-0037", "gcve_id": "GCVE-117-2026-0037", "semantic_id": "SOC-3", "title": "VHD Test Mode and Failure Injection via SR.other_config testmode", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 7.0, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0037", "json": "https://cna.moksha.dk/MOKSHA-2026-0037.json" }, { "moksha_id": "MOKSHA-2026-0038", "gcve_id": "GCVE-117-2026-0038", "semantic_id": "SSMC-1", "title": "Provisioning Type Manipulation via SR.sm_config allocation", "cvss_3_1_score": 8.7, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.8, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0038", "json": "https://cna.moksha.dk/MOKSHA-2026-0038.json" }, { "moksha_id": "MOKSHA-2026-0039", "gcve_id": "GCVE-117-2026-0039", "semantic_id": "SSMC-4", "title": "Filesystem Layout Manipulation via SR.sm_config nosubdir/subdir", "cvss_3_1_score": 8.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 8.7, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0039", "json": "https://cna.moksha.dk/MOKSHA-2026-0039.json" }, { "moksha_id": "MOKSHA-2026-0040", "gcve_id": "GCVE-117-2026-0040", "semantic_id": "PDC-4", "title": "CHAP Credential Exposure via PBD.device_config", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 6.9, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0040", "json": "https://cna.moksha.dk/MOKSHA-2026-0040.json" }, { "moksha_id": "MOKSHA-2026-0041", "gcve_id": "GCVE-117-2026-0041", "semantic_id": "PLOC-1", "title": "Rolling Upgrade State Injection via Pool.other_config", "cvss_3_1_score": 7.5, "cvss_3_1_severity": "High", "cvss_4_0_score": 7.7, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0041", "json": "https://cna.moksha.dk/MOKSHA-2026-0041.json" }, { "moksha_id": "MOKSHA-2026-0042", "gcve_id": "GCVE-117-2026-0042", "semantic_id": "PLOC-4", "title": "SMTP Server Redirection / Credential Exfiltration via Pool.other_config", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0042", "json": "https://cna.moksha.dk/MOKSHA-2026-0042.json" }, { "moksha_id": "MOKSHA-2026-0043", "gcve_id": "GCVE-117-2026-0043", "semantic_id": "PLOC-5", "title": "PBD Synchronization Bypass via Pool.other_config sync_create_pbds", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 7.0, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0043", "json": "https://cna.moksha.dk/MOKSHA-2026-0043.json" }, { "moksha_id": "MOKSHA-2026-0044", "gcve_id": "GCVE-117-2026-0044", "semantic_id": "PLAT-1", "title": "QEMU -parallel Path Traversal (VM DoS) via VM.platform", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0044", "json": "https://cna.moksha.dk/MOKSHA-2026-0044.json" }, { "moksha_id": "MOKSHA-2026-0045", "gcve_id": "GCVE-117-2026-0045", "semantic_id": "POC-1", "title": "Arbitrary Bond Property Injection via PIF.other_config bond-*", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0045", "json": "https://cna.moksha.dk/MOKSHA-2026-0045.json" }, { "moksha_id": "MOKSHA-2026-0046", "gcve_id": "GCVE-117-2026-0046", "semantic_id": "POC-3", "title": "MTU Manipulation / Network Partition via PIF.other_config", "cvss_3_1_score": 6.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 8.3, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0046", "json": "https://cna.moksha.dk/MOKSHA-2026-0046.json" }, { "moksha_id": "MOKSHA-2026-0047", "gcve_id": "GCVE-117-2026-0047", "semantic_id": "POC-5", "title": "DNS Search Domain Injection via PIF.other_config domain", "cvss_3_1_score": 6.1, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0047", "json": "https://cna.moksha.dk/MOKSHA-2026-0047.json" }, { "moksha_id": "MOKSHA-2026-0048", "gcve_id": "GCVE-117-2026-0048", "semantic_id": "HOC-3", "title": "Storage Availability Disruption via Host.other_config multipathing", "cvss_3_1_score": 5.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 7.0, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0048", "json": "https://cna.moksha.dk/MOKSHA-2026-0048.json" }, { "moksha_id": "MOKSHA-2026-0049", "gcve_id": "GCVE-117-2026-0049", "semantic_id": "NOC-4", "title": "HIMN Identity Hijack + DHCP Manipulation via Network.other_config", "cvss_3_1_score": 5.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0049", "json": "https://cna.moksha.dk/MOKSHA-2026-0049.json" }, { "moksha_id": "MOKSHA-2026-0050", "gcve_id": "GCVE-117-2026-0050", "semantic_id": "SSMC-5", "title": "LUNperVDI Mode Manipulation via SR.sm_config", "cvss_3_1_score": 5.5, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0050", "json": "https://cna.moksha.dk/MOKSHA-2026-0050.json" }, { "moksha_id": "MOKSHA-2026-0051", "gcve_id": "GCVE-117-2026-0051", "semantic_id": "DOC-7", "title": "Config Drive Misidentification via VDI.other_config config-drive", "cvss_3_1_score": 5.4, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 2.3, "cvss_4_0_severity": "Low", "url": "https://cna.moksha.dk/MOKSHA-2026-0051", "json": "https://cna.moksha.dk/MOKSHA-2026-0051.json" }, { "moksha_id": "MOKSHA-2026-0052", "gcve_id": "GCVE-117-2026-0052", "semantic_id": "BOC-5", "title": "Leaked VBD Detection Spoofing via task_id/related_to", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0052", "json": "https://cna.moksha.dk/MOKSHA-2026-0052.json" }, { "moksha_id": "MOKSHA-2026-0053", "gcve_id": "GCVE-117-2026-0053", "semantic_id": "VIOC-3", "title": "MTU Manipulation (0-65535) via VIF.other_config", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0053", "json": "https://cna.moksha.dk/MOKSHA-2026-0053.json" }, { "moksha_id": "MOKSHA-2026-0054", "gcve_id": "GCVE-117-2026-0054", "semantic_id": "VOC-4", "title": "MAC Address Collision via VM.other_config mac_seed", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0054", "json": "https://cna.moksha.dk/MOKSHA-2026-0054.json" }, { "moksha_id": "MOKSHA-2026-0055", "gcve_id": "GCVE-117-2026-0055", "semantic_id": "VOC-5", "title": "set_other_config RBAC Bypass for PCI Passthrough Key", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 7.1, "cvss_4_0_severity": "High", "url": "https://cna.moksha.dk/MOKSHA-2026-0055", "json": "https://cna.moksha.dk/MOKSHA-2026-0055.json" }, { "moksha_id": "MOKSHA-2026-0056", "gcve_id": "GCVE-117-2026-0056", "semantic_id": "VOC-6", "title": "Console Access Manipulation via VM.other_config disable_pv_vnc", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0056", "json": "https://cna.moksha.dk/MOKSHA-2026-0056.json" }, { "moksha_id": "MOKSHA-2026-0057", "gcve_id": "GCVE-117-2026-0057", "semantic_id": "XSD-2", "title": "FIST Namespace Exposure via VM.xenstore_data", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0057", "json": "https://cna.moksha.dk/MOKSHA-2026-0057.json" }, { "moksha_id": "MOKSHA-2026-0058", "gcve_id": "GCVE-117-2026-0058", "semantic_id": "XSD-4", "title": "Xenstore Quota Exhaustion via VM.xenstore_data", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0058", "json": "https://cna.moksha.dk/MOKSHA-2026-0058.json" }, { "moksha_id": "MOKSHA-2026-0059", "gcve_id": "GCVE-117-2026-0059", "semantic_id": "XSD-5", "title": "Multi-Tenant Trust Confusion via VM.xenstore_data", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0059", "json": "https://cna.moksha.dk/MOKSHA-2026-0059.json" }, { "moksha_id": "MOKSHA-2026-0060", "gcve_id": "GCVE-117-2026-0060", "semantic_id": "BQP-2", "title": "Arbitrary Integer Passthrough to ionice via VBD.qos_algorithm_params", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0060", "json": "https://cna.moksha.dk/MOKSHA-2026-0060.json" }, { "moksha_id": "MOKSHA-2026-0061", "gcve_id": "GCVE-117-2026-0061", "semantic_id": "BQP-3", "title": "I/O Scheduling Downgrade to Idle Class via VBD.qos_algorithm_params", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0061", "json": "https://cna.moksha.dk/MOKSHA-2026-0061.json" }, { "moksha_id": "MOKSHA-2026-0062", "gcve_id": "GCVE-117-2026-0062", "semantic_id": "VQP-2", "title": "Rate Limit Removal via kbps=0 in VIF.qos_algorithm_params", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0062", "json": "https://cna.moksha.dk/MOKSHA-2026-0062.json" }, { "moksha_id": "MOKSHA-2026-0063", "gcve_id": "GCVE-117-2026-0063", "semantic_id": "VQP-3", "title": "Negative kbps Injection in VIF.qos_algorithm_params", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0063", "json": "https://cna.moksha.dk/MOKSHA-2026-0063.json" }, { "moksha_id": "MOKSHA-2026-0064", "gcve_id": "GCVE-117-2026-0064", "semantic_id": "VXD-1", "title": "Database Field Poisoning via VDI.xenstore_data Arbitrary Keys", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0064", "json": "https://cna.moksha.dk/MOKSHA-2026-0064.json" }, { "moksha_id": "MOKSHA-2026-0065", "gcve_id": "GCVE-117-2026-0065", "semantic_id": "VXD-2", "title": "SCSI Identity Forgery in XAPI Database via VDI.xenstore_data", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0065", "json": "https://cna.moksha.dk/MOKSHA-2026-0065.json" }, { "moksha_id": "MOKSHA-2026-0066", "gcve_id": "GCVE-117-2026-0066", "semantic_id": "VXD-3", "title": "Metadata Propagation via VDI Snapshot and Clone Operations", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0066", "json": "https://cna.moksha.dk/MOKSHA-2026-0066.json" }, { "moksha_id": "MOKSHA-2026-0067", "gcve_id": "GCVE-117-2026-0067", "semantic_id": "VXD-4", "title": "Cross-Pool Metadata Injection via VDI.xenstore_data on Pool Join", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0067", "json": "https://cna.moksha.dk/MOKSHA-2026-0067.json" }, { "moksha_id": "MOKSHA-2026-0068", "gcve_id": "GCVE-117-2026-0068", "semantic_id": "PLAT-4", "title": "Guest Xenstore Data Injection via VM.platform Map", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0068", "json": "https://cna.moksha.dk/MOKSHA-2026-0068.json" }, { "moksha_id": "MOKSHA-2026-0069", "gcve_id": "GCVE-117-2026-0069", "semantic_id": "PLAT-5", "title": "Hypervisor Security Feature Manipulation via VM.platform (nx/hap)", "cvss_3_1_score": 5.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0069", "json": "https://cna.moksha.dk/MOKSHA-2026-0069.json" }, { "moksha_id": "MOKSHA-2026-0070", "gcve_id": "GCVE-117-2026-0070", "semantic_id": "VIOC-5", "title": "Infrastructure Metadata Leak via SR-IOV VIF Xenstore Passthrough", "cvss_3_1_score": 5.0, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0070", "json": "https://cna.moksha.dk/MOKSHA-2026-0070.json" }, { "moksha_id": "MOKSHA-2026-0071", "gcve_id": "GCVE-117-2026-0071", "semantic_id": "NOC-5", "title": "OVS In-Band Management Disablement via Network.other_config", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0071", "json": "https://cna.moksha.dk/MOKSHA-2026-0071.json" }, { "moksha_id": "MOKSHA-2026-0072", "gcve_id": "GCVE-117-2026-0072", "semantic_id": "HOC-4", "title": "SR Scan Interval Manipulation via Host.other_config auto-scan-interval", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0072", "json": "https://cna.moksha.dk/MOKSHA-2026-0072.json" }, { "moksha_id": "MOKSHA-2026-0073", "gcve_id": "GCVE-117-2026-0073", "semantic_id": "SOC-4", "title": "SR Destruction Protection Bypass and DoS via SR.other_config indestructible", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0073", "json": "https://cna.moksha.dk/MOKSHA-2026-0073.json" }, { "moksha_id": "MOKSHA-2026-0074", "gcve_id": "GCVE-117-2026-0074", "semantic_id": "SOC-5", "title": "GC and Coalesce Disablement via SR.other_config", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 6.9, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0074", "json": "https://cna.moksha.dk/MOKSHA-2026-0074.json" }, { "moksha_id": "MOKSHA-2026-0075", "gcve_id": "GCVE-117-2026-0075", "semantic_id": "PLOC-7", "title": "Memory Ratio Bounds Relaxation via Pool.other_config", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0075", "json": "https://cna.moksha.dk/MOKSHA-2026-0075.json" }, { "moksha_id": "MOKSHA-2026-0076", "gcve_id": "GCVE-117-2026-0076", "semantic_id": "POC-4", "title": "Network Offload Disablement via PIF.other_config ethtool Keys", "cvss_3_1_score": 4.9, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0076", "json": "https://cna.moksha.dk/MOKSHA-2026-0076.json" }, { "moksha_id": "MOKSHA-2026-0077", "gcve_id": "GCVE-117-2026-0077", "semantic_id": "VIOC-4", "title": "VIF NIC Offload Disablement via VIF.other_config ethtool Keys", "cvss_3_1_score": 4.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0077", "json": "https://cna.moksha.dk/MOKSHA-2026-0077.json" }, { "moksha_id": "MOKSHA-2026-0078", "gcve_id": "GCVE-117-2026-0078", "semantic_id": "DOC-6", "title": "Guest Clock Manipulation via VDI.other_config timeoffset", "cvss_3_1_score": 4.3, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 2.3, "cvss_4_0_severity": "Low", "url": "https://cna.moksha.dk/MOKSHA-2026-0078", "json": "https://cna.moksha.dk/MOKSHA-2026-0078.json" }, { "moksha_id": "MOKSHA-2026-0079", "gcve_id": "GCVE-117-2026-0079", "semantic_id": "NOC-6", "title": "Network Sharing Bypass via Network.other_config assume_network_is_shared", "cvss_3_1_score": 4.1, "cvss_3_1_severity": "Medium", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0079", "json": "https://cna.moksha.dk/MOKSHA-2026-0079.json" }, { "moksha_id": "MOKSHA-2026-0080", "gcve_id": "GCVE-117-2026-0080", "semantic_id": "SOC-1", "title": "I/O Scheduler Sysfs Injection via SR.other_config scheduler", "cvss_3_1_score": 3.8, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.1, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0080", "json": "https://cna.moksha.dk/MOKSHA-2026-0080.json" }, { "moksha_id": "MOKSHA-2026-0081", "gcve_id": "GCVE-117-2026-0081", "semantic_id": "BOC-3", "title": "I/O Polling Parameter Manipulation via VBD.other_config polling-duration", "cvss_3_1_score": 3.1, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0081", "json": "https://cna.moksha.dk/MOKSHA-2026-0081.json" }, { "moksha_id": "MOKSHA-2026-0082", "gcve_id": "GCVE-117-2026-0082", "semantic_id": "DOC-3", "title": "VDI Lifecycle Behavior Manipulation via VDI.other_config on_boot/cbt_enabled", "cvss_3_1_score": 3.1, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0082", "json": "https://cna.moksha.dk/MOKSHA-2026-0082.json" }, { "moksha_id": "MOKSHA-2026-0083", "gcve_id": "GCVE-117-2026-0083", "semantic_id": "HBP-1", "title": "Boot Order Manipulation via VM.HVM_boot_params order", "cvss_3_1_score": 3.1, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0083", "json": "https://cna.moksha.dk/MOKSHA-2026-0083.json" }, { "moksha_id": "MOKSHA-2026-0084", "gcve_id": "GCVE-117-2026-0084", "semantic_id": "HBP-2", "title": "Firmware Type Denial of Service via VM.HVM_boot_params firmware", "cvss_3_1_score": 3.1, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0084", "json": "https://cna.moksha.dk/MOKSHA-2026-0084.json" }, { "moksha_id": "MOKSHA-2026-0085", "gcve_id": "GCVE-117-2026-0085", "semantic_id": "LPC-1", "title": "Feature Restriction Bypass via Host.license_params restrict_* Keys", "cvss_3_1_score": 2.3, "cvss_3_1_severity": "Low", "cvss_4_0_score": 4.6, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0085", "json": "https://cna.moksha.dk/MOKSHA-2026-0085.json" }, { "moksha_id": "MOKSHA-2026-0086", "gcve_id": "GCVE-117-2026-0086", "semantic_id": "LPC-2", "title": "License Expiry Manipulation via Host.license_params expiry", "cvss_3_1_score": 2.3, "cvss_3_1_severity": "Low", "cvss_4_0_score": 4.6, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0086", "json": "https://cna.moksha.dk/MOKSHA-2026-0086.json" }, { "moksha_id": "MOKSHA-2026-0087", "gcve_id": "GCVE-117-2026-0087", "semantic_id": "PLAT-3", "title": "QEMU Device Model Selection via VM.platform device-model (Limited by Whitelist)", "cvss_3_1_score": 2.3, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0087", "json": "https://cna.moksha.dk/MOKSHA-2026-0087.json" }, { "moksha_id": "MOKSHA-2026-0088", "gcve_id": "GCVE-117-2026-0088", "semantic_id": "VQP-4", "title": "Int64 Overflow in bytes_per_interval via VIF.qos_algorithm_params", "cvss_3_1_score": 2.3, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0088", "json": "https://cna.moksha.dk/MOKSHA-2026-0088.json" }, { "moksha_id": "MOKSHA-2026-0089", "gcve_id": "GCVE-117-2026-0089", "semantic_id": "VQP-5", "title": "Raw kbps Value Exposure in Private Xenstore via VIF.qos_algorithm_params", "cvss_3_1_score": 2.3, "cvss_3_1_severity": "Low", "cvss_4_0_score": 5.3, "cvss_4_0_severity": "Medium", "url": "https://cna.moksha.dk/MOKSHA-2026-0089", "json": "https://cna.moksha.dk/MOKSHA-2026-0089.json" } ] }