Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-35092

| EUVDEUVD-2026-17881 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-04-01 redhat GHSA-g4g9-h6f9-v5x2
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
7.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Apr 01, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 01, 2026 - 13:30 euvd
EUVD-2026-17881
Analysis Generated
Apr 01, 2026 - 13:30 vuln.today
CVE Published
Apr 01, 2026 - 13:18 nvd
HIGH 7.5

DescriptionCVE.org

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

AnalysisAI

Remote denial of service via integer overflow in Corosync cluster engine affects Red Hat Enterprise Linux 7-10 and OpenShift Container Platform 4. Unauthenticated attackers can send crafted UDP packets to crash Corosync services running in totemudp/totemudpu mode (CVSS 7.5, AV:N/PR:N). EPSS data not provided; no public exploit identified at time of analysis. Impacts high-availability cluster deployments where Corosync provides quorum and messaging services.

Technical ContextAI

Corosync is a cluster communication engine used in high-availability Linux environments to provide group messaging, quorum, and membership services. This vulnerability (CWE-190: Integer Overflow or Wraparound) affects the join message sanity validation logic when Corosync operates in totemudp or totemudpu transport modes-UDP-based communication protocols for cluster membership. An integer overflow in message parsing allows malformed UDP packets to bypass validation checks, triggering memory corruption or logic errors that crash the daemon. Affected products include Red Hat Enterprise Linux (RHEL) 7, 8, 9, and 10, plus Red Hat OpenShift Container Platform 4, all of which bundle Corosync for HA cluster services (per CPE strings cpe:2.3:a:red_hat:red_hat_enterprise_linux_*). The vulnerability requires Corosync to be configured with UDP transports; deployments using other transport modes (e.g., knet) are not affected.

RemediationAI

Patch availability per vendor advisory not independently confirmed from available data; consult Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-35092 and track Red Hat Bugzilla entries 2453169 and 2453814 for patch release announcements. As interim mitigation, organizations can switch Corosync transport from totemudp/totemudpu to knet mode if supported by their RHEL version and cluster configuration, which eliminates exposure to this UDP-based vulnerability. Network-level controls such as restricting UDP access to Corosync ports (default 5405) to trusted cluster nodes via firewall rules or VLANs reduce attack surface. Monitor cluster stability and review Corosync logs for unexpected crashes or malformed message warnings. Apply vendor-released patches immediately upon availability to affected RHEL 7, 8, 9, 10, and OpenShift 4 deployments.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 16.1 Fixed
SUSE Linux Enterprise Server for SAP applications 16.1 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise High Availability Extension 12 SP5 Fixed

Share

CVE-2026-35092 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy