CVE-2026-26103 - Udisks: missing authorization check allows unprivileged users to restore luks he...

CVE ID : CVE-2026-26103 Published : Feb. 25, 2026, 10:31 a.m. | 17 minutes ago Description : A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...