8.2

CVE-2026-35091

Exploit

EPSS 0.99%
Veröffentlicht 01.04.2026 13:18:53
Zuletzt bearbeitet 13.05.2026 08:16:16
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Corosync ≫ Corosync Version-

Redhat ≫ Openshift Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-253 Incorrect Check of Function Return Value

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

https://access.redhat.com/security/cve/CVE-2026-35091

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=2453169

Third Party Advisory

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=2453813

Issue Tracking

https://access.redhat.com/errata/RHSA-2026:13644

https://access.redhat.com/errata/RHSA-2026:13657

https://access.redhat.com/errata/RHSA-2026:13673

https://access.redhat.com/errata/RHSA-2026:14205

https://access.redhat.com/errata/RHSA-2026:14212

https://access.redhat.com/errata/RHSA-2026:14213

https://access.redhat.com/errata/RHSA-2026:14214

https://access.redhat.com/errata/RHSA-2026:14215

https://access.redhat.com/errata/RHSA-2026:14216

https://access.redhat.com/errata/RHSA-2026:14210

https://access.redhat.com/errata/RHSA-2026:14211

https://nvd.nist.gov/vuln/detail/CVE-2026-35091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35091

EUVD