CVEFinder.io

CVE-2026-41035

⚠️ high
πŸ” Scan for this CVE
Summary

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

CVSS Score
7.4
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-04-16
First Seen: 2026-04-20
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 56.9% of all 329,456 vulnerabilities in our database.

#141,871
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 16, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE IDs (Weakness Types)
CWE-130

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
samba rsync Affected
> 3.0.1 < 3.4.1

πŸ”— References 5

https://github.com/RsyncProject/rsync/issues/871
Issue Tracking
https://github.com/RsyncProject/rsync/releases
Release Notes
https://www.openwall.com/lists/oss-security/2026/04/...
Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/16/9
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/22/3
Mailing List Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-43617 πŸ”Ά medium 4.8 0.0 Rsync versionΒ 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access... 2026-05-20
CVE-2026-43618 ⚠️ high 8.1 0.1 Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit ... 2026-05-20
CVE-2026-43619 πŸ”Ά medium 6.3 0.0 Rsync versionΒ 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod... 2026-05-20
CVE-2026-43620 πŸ”Ά medium 6.5 0.0 Rsync versionΒ 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receive... 2026-05-20
CVE-2026-45232 ℹ️ low 3.1 0.0 Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connect... 2026-05-20
CVE-2026-29518 ⚠️ high 7.0 0.0 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that ... 2026-05-20
These CVEs affect the same products