CVEFinder.io

CVE-2026-35092

⚠️ high
πŸ” Scan for this CVE
Summary

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

CVSS Score
7.5
High
EPSS Score
1.0
Exploit Probability
Published Date
2026-04-01
First Seen: 2026-04-08
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.1% of all 318,071 vulnerabilities in our database.

#98,337
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 1, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
YES
Can be exploited automatically
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Red Hat would like to thank SebastiΓ‘n Alba Vives for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-04-07
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-190

πŸ“¦ Affected Products 6

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat openshift Affected
v4.0
corosync corosync Affected
v-

πŸ”— References 3

https://access.redhat.com/security/cve/CVE-2026-35092
Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453814
Issue Tracking Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4878 πŸ”Ά medium 6.7 0.0 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition... 2026-04-09
CVE-2026-35091 ⚠️ high 8.2 0.3 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co... 2026-04-01
CVE-2026-5121 ⚠️ high 7.5 0.1 A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer ... 2026-03-30
CVE-2026-28368 ⚠️ high 8.7 0.1 A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ... 2026-03-27
CVE-2026-28369 ⚠️ high 8.7 0.1 A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more... 2026-03-27
CVE-2026-4897 πŸ”Ά medium 5.5 0.0 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to th... 2026-03-26
These CVEs affect the same products