CVE-2026-43249

Daily digests

A race condition in the Xen 9pfs frontend driver lets a local attacker with access to a Xen guest trigger a use-after-free by calling the cleanup function concurrently. This can lead to privilege escalation or a guest-to-host escape on Xen-based virtualization setups. If you're not running Xen paravirtualized guests with 9pfs shares, you're not exposed.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more