Skip to main content

csync2 CVE-2026-41051

| EUVDEUVD-2026-29920 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-05-13 suse GHSA-7mqw-hr29-pj76
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
3.1 LOW
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

4
CVSS changed
May 13, 2026 - 15:52 NVD
5.0 (MEDIUM) 5.1 (MEDIUM)
Patch available
May 13, 2026 - 10:02 EUVD
Analysis Generated
May 13, 2026 - 10:00 vuln.today
CVE Published
May 13, 2026 - 08:37 nvd
MEDIUM 5.0

DescriptionCVE.org

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.

AnalysisAI

csync2 compiled with C99 or later creates insecure temporary directories vulnerable to time-of-check-time-of-use (TOCTOU) attacks, allowing local authenticated users with user interaction to cause denial of service through symlink or directory manipulation. The vulnerability affects OpenSUSE Tumbleweed and requires local access with low privileges and user interaction to exploit.

Technical ContextAI

csync2 is a file synchronization tool that relies on temporary directory creation during operation. When compiled with C99 or later C standards, the temporary directory handling mechanism fails to implement secure, race-condition-resistant creation patterns. The TOCTOU vulnerability class occurs when the code checks for directory existence and then creates it in separate operations, allowing an attacker to inject a symlink or create the directory between the check and the creation, leading to potential denial of service or file manipulation. The vulnerability is specific to compilation with modern C standards, suggesting the code may use standard library functions that changed behavior or the compiler optimization levels that expose timing windows in the temporary file creation sequence.

RemediationAI

Apply the security patch released by SUSE for OpenSUSE Tumbleweed, available through standard package management (zypper update csync2). The fix implements secure temporary directory creation using functions resistant to TOCTOU attacks, such as mkdtemp() with proper error handling or temporary file creation via secure APIs. For systems where immediate patching is not possible, restrict csync2 usage to trusted local users only by removing the binary from PATH for untrusted accounts, or disable csync2 entirely if not actively required. Monitor csync2 process execution and temporary directory activity using auditd or similar tools to detect exploitation attempts. Note that no workaround exists without patching; the vulnerability is inherent to the temporary directory creation logic.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Availability Extension 15 SP4 Affected
SUSE Linux Enterprise High Availability Extension 15 SP5 Affected
SUSE Linux Enterprise High Availability Extension 15 SP6 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-41051 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy