High severity7.5NVD Advisory· Published Apr 1, 2026· Updated May 6, 2026
CVE-2026-35092
CVE-2026-35092
Description
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Affected products
6cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- bugzilla.redhat.com/show_bug.cginvdExploitThird Party Advisory
- access.redhat.com/security/cve/CVE-2026-35092nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2026:13644nvd
- access.redhat.com/errata/RHSA-2026:13657nvd
- access.redhat.com/errata/RHSA-2026:13673nvd
- access.redhat.com/errata/RHSA-2026:14205nvd
- access.redhat.com/errata/RHSA-2026:14210nvd
- access.redhat.com/errata/RHSA-2026:14211nvd
- access.redhat.com/errata/RHSA-2026:14212nvd
- access.redhat.com/errata/RHSA-2026:14213nvd
- access.redhat.com/errata/RHSA-2026:14214nvd
- access.redhat.com/errata/RHSA-2026:14215nvd
- access.redhat.com/errata/RHSA-2026:14216nvd
News mentions
0No linked articles in our index yet.