CVE-2026-35091

EUVD-2026-17879
A flaw was found in Corosync. A remote, unauthenticated attacker can exploit a wrong-return-value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents.
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8.2 HIGH    NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score: percentile 77%
Affected Products (NVD)

Vendor    Product           Version
corosync  corosync          -
redhat    openshift         4.0
redhat    enterprise_linux  7.0
redhat    enterprise_linux  8.0
redhat    enterprise_linux  9.0
redhat    enterprise_linux  10.0

The versions listed are those marked as vulnerable software versions.
Red Hat Enterprise Linux Releases

Red Hat Product   Release       Fixed version        State
corosync          RHEL 8        0:3.1.8-1.el8_10.1   fixed
corosync          RHEL 8.4 AUS  0:3.1.0-3.el8_4.2    fixed
corosync          RHEL 8.6 E4S  0:3.1.5-2.el8_6.1    fixed
corosync          RHEL 8.6 TUS  0:3.1.5-2.el8_6.1    fixed
corosync          RHEL 8.8 E4S  0:3.1.7-1.el8_8.1    fixed
corosync          RHEL 8.8 TUS  0:3.1.7-1.el8_8.1    fixed
corosync          RHEL 9        0:3.1.9-2.el9_7.1    fixed
corosync-vqsim    RHEL 8        0:3.1.8-1.el8_10.1   fixed
corosync-vqsim    RHEL 9        0:3.1.9-2.el9_7.1    fixed
corosynclib       RHEL 8        0:3.1.8-1.el8_10.1   fixed
corosynclib       RHEL 8.4 AUS  0:3.1.0-3.el8_4.2    fixed
corosynclib       RHEL 8.6 E4S  0:3.1.5-2.el8_6.1    fixed
corosynclib       RHEL 8.6 TUS  0:3.1.5-2.el8_6.1    fixed
corosynclib       RHEL 8.8 E4S  0:3.1.7-1.el8_8.1    fixed
corosynclib       RHEL 8.8 TUS  0:3.1.7-1.el8_8.1    fixed
corosynclib       RHEL 9        0:3.1.9-2.el9_7.1    fixed
corosynclib-devel RHEL 8        0:3.1.8-1.el8_10.1   fixed
corosynclib-devel RHEL 8.4 AUS  0:3.1.0-3.el8_4.2    fixed
corosynclib-devel RHEL 8.6 E4S  0:3.1.5-2.el8_6.1    fixed
corosynclib-devel RHEL 8.6 TUS  0:3.1.5-2.el8_6.1    fixed
corosynclib-devel RHEL 8.8 E4S  0:3.1.7-1.el8_8.1    fixed
corosynclib-devel RHEL 8.8 TUS  0:3.1.7-1.el8_8.1    fixed
corosynclib-devel RHEL 9        0:3.1.9-2.el9_7.1    fixed
spausedd          RHEL 8        0:3.1.8-1.el8_10.1   fixed
spausedd          RHEL 8.4 AUS  0:3.1.0-3.el8_4.2    fixed
spausedd          RHEL 8.6 E4S  0:3.1.5-2.el8_6.1    fixed
spausedd          RHEL 8.6 TUS  0:3.1.5-2.el8_6.1    fixed
spausedd          RHEL 8.8 E4S  0:3.1.7-1.el8_8.1    fixed
spausedd          RHEL 8.8 TUS  0:3.1.7-1.el8_8.1    fixed