=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN444
_____________________________________________________________________

DATE                : 29/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running XenServer version 8.4.

=====================================================================
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696527&articleURL=XenServer_Security_Update_for_Multiple_Issues
_____________________________________________________________________

XenServer Security Update for Multiple Issues
Article Id : CTX696527
Last Modified Date : 04-28-2026 12:03
Created Date : 04-28-2026 12:00
Article Record Type : Security Bulletin
Severity :  High

Summary

Severity: High

Description of Problem

Several issues have been identified that affect XenServer 8.4.
These are:

An issue that may, in some circumstances, allow a malicious
privileged user in a guest VM to compromise the host. This
issue has the following identifier:

    CVE-2026-23558

An issue that may allow a malicious privileged user in a guest
VM to cause the host to crash or become unresponsive. This
issue has the following identifier:

    CVE-2026-23556

Several issues that may allow a logged-in host administrator
to escalate their privileges to a higher level than defined by
their RBAC role. These issues have the following identifiers:

    CVE-2026-23559
    CVE-2026-23560
    CVE-2026-23561

An issue in certain AMD CPUs that may allow code in a guest
VM to infer the operands of a floating-point division occurring
in a different VM. Although this is not a vulnerability in the
XenServer product itself, for the convenience of customers we
are providing an update that mitigates this CPU hardware issue.
This issue has the following identifier:

    CVE-2025-54505


Affected Versions

These issues affect XenServer 8.4.

(Note that XenServer 9 is in Public Preview; releases in
preview state are not intended for production use and so
are not covered by security bulletins until they exit
preview state.)


Details

What Customers Should Do

We have pushed updates to both the Early Access and Normal
update channels of XenServer 8.4. We recommend that
customers update to the latest version from their chosen
channel following the instructions at
https://docs.xenserver.com/en-us/xenserver/8/update


What Citrix is Doing

We are notifying customers and channel partners about this
potential security issue through the publication of this
security bulletin on the Citrix Knowledge Center at
https://support.citrix.com/support-home/topic-article-list?trendingCategory=20&trendingTopicName=Security%20Bulletin 


Obtaining Support on This Issue

If you require technical assistance with this issue, please
contact Citrix Technical Support. Contact details for Citrix
Technical Support are available at
https://www.citrix.com/support 


Subscribe to Receive Alerts

Citrix strongly recommends that all customers subscribe to
receive alerts when a security bulletin is created or modified at
https://support.citrix.com/wolken-support/view/aboutsupport/my-support-alerts 


Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and
considers any and all potential vulnerabilities seriously. For
details on our vulnerability response process and guidance on how
to report security-related issues to Citrix, please see the
following webpage: https://www.cloud.com/trust-center/support 


Change Log

2026-04-28 	Initial Publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




