CVE-2026-35092

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-35092
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2026:13644
https://access.redhat.com/errata/RHSA-2026:13657
https://access.redhat.com/errata/RHSA-2026:13673
https://access.redhat.com/errata/RHSA-2026:14205
https://access.redhat.com/errata/RHSA-2026:14210
https://access.redhat.com/errata/RHSA-2026:14211
https://access.redhat.com/errata/RHSA-2026:14212
https://access.redhat.com/errata/RHSA-2026:14213
https://access.redhat.com/errata/RHSA-2026:14214
https://access.redhat.com/errata/RHSA-2026:14215
https://access.redhat.com/errata/RHSA-2026:14216
https://access.redhat.com/errata/RHSA-2026:19043
https://access.redhat.com/errata/RHSA-2026:19200
https://access.redhat.com/errata/RHSA-2026:20916
https://access.redhat.com/security/cve/CVE-2026-35092 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2453169 Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453814 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
History

26 May 2026, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:20916 -

19 May 2026, 22:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:19200 -

19 May 2026, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:19043 -

06 May 2026, 21:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:14210 -
  • () https://access.redhat.com/errata/RHSA-2026:14211 -

06 May 2026, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:14212 -
  • () https://access.redhat.com/errata/RHSA-2026:14213 -
  • () https://access.redhat.com/errata/RHSA-2026:14214 -
  • () https://access.redhat.com/errata/RHSA-2026:14215 -
  • () https://access.redhat.com/errata/RHSA-2026:14216 -

06 May 2026, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:14205 -

05 May 2026, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:13673 -

05 May 2026, 11:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:13657 -

05 May 2026, 10:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:13644 -

07 Apr 2026, 16:35

Type Values Removed Values Added
First Time Redhat
Redhat enterprise Linux
Redhat openshift
Corosync
Corosync corosync
CPE cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2026-35092 - () https://access.redhat.com/security/cve/CVE-2026-35092 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=2453169 - () https://bugzilla.redhat.com/show_bug.cgi?id=2453169 - Exploit, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2453814 - () https://bugzilla.redhat.com/show_bug.cgi?id=2453814 - Issue Tracking, Third Party Advisory

01 Apr 2026, 14:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-01 14:16

Updated : 2026-05-26 16:16

NVD link : CVE-2026-35092

Mitre link : CVE-2026-35092

CVE.ORG link : CVE-2026-35092

JSON object : View

Products Affected

corosync

  • corosync

redhat

  • openshift
  • enterprise_linux
CWE
CWE-190

Integer Overflow or Wraparound