March 2026 Security Updates #2 for XCP-ng 8.3 LTS
New security update is available for XCP-ng 8.3 LTS.
📔
To update, follow this guide. You can also join the discussion on our community forum.
Host reboots are necessary after this update.
Host reboots are necessary after this update.
📋Summary
A new vulnerability has been detected and fixed for Xen. This was introduced by an upstream commit, and detected before the Xen Project did any new release. Therefore this does not impact any upstream release, and there is no Xen Security Advisory this time. But that change was backported into XCP-ng's xen package, therefore XCP-ng is impacted.
🔒Security Updates
XEN
Addresses a vulnerability in which insufficient memory sanitization during virtual machine creation could leak data from earlier instances and open the door to privilege escalation in case of leaked secrets.
References: VSA-2026-006, CVE-2026-4397
