Improper Certificate Validation in Xen - CVE-2026-42491
Published: July 14, 2026
Xen
Detailed vulnerability description
The vulnerability allows a remote attacker to intercept communications and disclose sensitive information or tamper with data in transit.
The vulnerability exists due to improper certificate validation in HTTP handlers in the XAPI C# and Powershell SDKs when opening a separate connection to the XAPI host. A remote attacker can perform a man-in-the-middle attack on network communication to intercept communications and disclose sensitive information or tamper with data in transit.
Successful exploitation may expose a session token and affect exported or imported disk images, host backups, RRD performance data, and patches or updates transferred over these connections.