Independent security researcher Jakob Wolffhechel has publicly disclosed 89 vulnerabilities impacting Citrix XenServer/Hypervisor and its open-source counterpart, XCP-ng. Dubbed “Shittrix” by the researcher due to widespread input-validation failures, the audit reveals a “transitive-trust collapse” that has existed largely unchanged since the management stack was first written around 2006.
The audit, which took nine weeks to complete, identified five core architectural failures that allow even the lowest-level administrators to seize total control over high-assurance environments.
At the heart of the disclosure is a systematic failure to validate API inputs. Every writable field across eight critical XAPI object types was found to have zero input validation. This oversight allows a user with the minimum delegated management role (vm-admin) to execute single API calls—requiring no exploit code or root shell—to achieve full host filesystem access and pool-wide compromise.
One of the most critical findings, designated BOC-1 (CVSS 9.9), allows an attacker to mount any host block device as a guest virtual disk. This enables the reading of sensitive files like /etc/shadow and SSH keys, as well as the exfiltration of data from VMs belonging to entirely different hypervisors, such as Proxmox VE, VMware, or Nutanix, that share the same storage backend.
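The two findings above share one root cause: a writable API field whose value is passed straight to the host without being checked. The following added example (written for this article, not code from XAPI, XenServer or XCP-ng; the storage-repository path, field semantics and function names are constructed for illustration) shows the deny-by-default validation that such a field needs. It checks the caller-supplied disk-image path syntactically (absolute, no traversal, not under /dev, an allowed image suffix, contained in the repository directory rather than merely sharing a string prefix with it) and then, as a second gate, checks the on-disk object with lstat() so that a symlink or a block device is refused even when the string looked fine.

```python
import os
import stat
from pathlib import PurePosixPath

# Constructed policy values for this example; they are not XenServer/XCP-ng's
# real storage-repository layout or XAPI field names.
ALLOWED_SR_ROOT = "/var/lib/vdi-store"
ALLOWED_SUFFIXES = frozenset({".vhd", ".qcow2", ".raw"})


class RejectedInput(ValueError):
    """Raised when a writable field value fails validation."""


def validate_backing_path(user_value: str, sr_root: str = ALLOWED_SR_ROOT) -> str:
    """Validate a caller-supplied disk-image path before anything touches the host.

    Returns the normalized path on success and raises RejectedInput otherwise.
    Deny-by-default: anything not provably inside the SR directory is refused.
    """
    if not isinstance(user_value, str) or not user_value:
        raise RejectedInput("value must be a non-empty string")
    if "\x00" in user_value:
        raise RejectedInput("embedded NUL byte")
    path = PurePosixPath(user_value)
    if not path.is_absolute():
        raise RejectedInput("path must be absolute")
    if ".." in path.parts:
        raise RejectedInput("parent-directory components are not allowed")
    if len(path.parts) > 1 and path.parts[1] == "dev":
        raise RejectedInput("raw host block devices are not a valid guest disk source")
    if path.suffix not in ALLOWED_SUFFIXES:
        raise RejectedInput("unsupported image type %r" % path.suffix)
    normalized = os.path.normpath(str(path))
    root = os.path.normpath(sr_root)
    # Allowlist containment: the normalized path must lie *under* the SR root,
    # not merely share a string prefix with it (vdi-store vs. vdi-store-evil).
    if normalized == root or os.path.commonpath([normalized, root]) != root:
        raise RejectedInput("path is outside the storage repository")
    return normalized


def check_backing_path(user_value: str) -> tuple[bool, str]:
    """Non-raising wrapper: (accepted, normalized path or rejection reason)."""
    try:
        return True, validate_backing_path(user_value)
    except RejectedInput as exc:
        return False, str(exc)


def acceptable_file_mode(mode: int) -> bool:
    """Second gate, applied to the lstat() mode of an already-validated path:
    only regular files qualify; block/char devices, symlinks, FIFOs and
    sockets are refused even if the path string passed every check above."""
    return stat.S_ISREG(mode)


def resolve_and_check(validated_path: str) -> str:
    """Inspect the on-disk object; lstat() reports a symlink as a symlink."""
    st = os.lstat(validated_path)  # raises FileNotFoundError if absent
    if not acceptable_file_mode(st.st_mode):
        raise RejectedInput("backing object is not a regular file")
    return validated_path


if __name__ == "__main__":
    # Constructed candidate values exercising each rejection branch.
    for candidate in ("/var/lib/vdi-store/guest1.vhd", "/dev/sda",
                      "/var/lib/vdi-store/../../../etc/shadow",
                      "/var/lib/vdi-store-evil/x.vhd", "guest1.vhd"):
        print(candidate, "->", check_backing_path(candidate))
```

The syntactic check and the lstat() check are deliberately separate: the first costs nothing and stops the obvious cases, while the second is the one that actually decides whether the object the path names is something a guest may be handed. Both sit on the server side of the API boundary, which is where the audit says the checks were missing.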
The audit also highlights SMC-1 (CVSS 9.9), a vulnerability that turns a hypervisor into a “silent proxy” for malformed storage-protocol commands. Attackers can inject commands for iSCSI, NFS, or SMB protocols directly through the hypervisor, making the malicious traffic indistinguishable from legitimate storage I/O at the array layer.
According to the report, “The hypervisor becomes a silent proxy, forwarding malformed commands to storage arrays. The traffic is indistinguishable from normal storage I/O from the storage vendor’s perspective”.
These patterns have been open-source since 2013 and present in proprietary code since 2006. Wolffhechel argues that it is “statistically implausible” that these vulnerabilities have not already been weaponized by well-resourced threat actors.
The researcher warns, “Assume compromise has already occurred. This is not a precautionary framing. The attack surface—input validation on writable API fields—is the most trivially audited class of vulnerability in software”.
The vulnerability chain extends far beyond the software stack. Because BOC-1 grants root-equivalent access to the hypervisor, attackers could potentially write malicious implants directly to a motherboard’s SPI flash, creating bootkits that survive disk reformats and OS reinstalls.
For organizations in regulated spaces (such as those governed by HIPAA, GDPR, or PCI-DSS), the recommended remediation is not a simple patch. The researcher advises that any host in production during the 20-year exposure window must be treated as breached.