Article Record Type : Security Bulletin
Article Id : CTX696811
Last Modified Date : 07-14-2026 12:12
Created Date : 07-10-2026 10:48
Severity : Medium
Description of Problem
An issue has been identified in the XenServer management API SDK that may allow an attacker on the management network who is able to intercept specific HTTPS requests within a higher-level operation to be able to act with the privileges of the intercepted administrator. This issue affects the XenCenter management agent together with third-party PowerShell and C# SDK clients.
This issue has the following identifier:
- CVE-2026-42491
Affected Versions
This issue affects XenCenter versions before 2026.4.0 and, for PowerShell and C# clients only, SDK versions before 26.15.0. As the issue is in the client-side (XenCenter and SDK) code, it is independent of the version of XenServer that is in use.