CVE-2026-26103 – Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api

CVE ID : CVE-2026-26103

Published : Feb. 25, 2026, 10:31 a.m. | 36 minutes ago

Description : A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…