In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
References
| Link | Resource |
|---|---|
| https://github.com/RsyncProject/rsync/issues/871 | Issue Tracking |
| https://github.com/RsyncProject/rsync/releases | Release Notes |
| https://www.openwall.com/lists/oss-security/2026/04/16/2 | Exploit, Mailing List, Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2026/04/16/9 | Mailing List, Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2026/04/22/3 | Mailing List, Third Party Advisory |
History
21 May 2026, 19:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | https://github.com/RsyncProject/rsync/issues/871 - Issue Tracking | |
| References | https://github.com/RsyncProject/rsync/releases - Release Notes | |
| References | https://www.openwall.com/lists/oss-security/2026/04/16/2 - Exploit, Mailing List, Third Party Advisory | |
| References | http://www.openwall.com/lists/oss-security/2026/04/16/9 - Mailing List, Third Party Advisory | |
| References | http://www.openwall.com/lists/oss-security/2026/04/22/3 - Mailing List, Third Party Advisory | |
| First Time | Samba; Samba rsync | |
| CPE | cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* | |
22 Apr 2026, 04:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
16 Apr 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
16 Apr 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-04-16 07:16
Updated : 2026-05-21 19:23
NVD link : CVE-2026-41035
Mitre link : CVE-2026-41035
CVE.ORG link : CVE-2026-41035
Products Affected
samba
- rsync
CWE
CWE-130
Improper Handling of Length Parameter Inconsistency
