CVE-2026-35091

CWE-25312 documents10 sources

Severity

8.2HIGH

EPSS

0.3%

top 43.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Openshift

Timeline

PublishedApr 1

Latest updateApr 13

Description

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages1 packages

▶NVDredhat/openshift4.0

Also affects: Enterprise Linux 10.0, 7.0, 8.0, 9.0

🔴Vulnerability Details

VulDB

Corosync UDP Packet function return value (Nessus ID 306047)↗2026-04-13

▶

OSV

CVE-2026-35091: (A flaw was found in Corosync↗2026-04-02

▶

OSV

CVE-2026-35091: A flaw was found in Corosync↗2026-04-01

▶

CVEList

Corosync: corosync: denial of service and information disclosure via crafted udp packet↗2026-04-01

▶

GHSA

GHSA-hmg2-5h4j-37m9: A flaw was found in Corosync↗2026-04-01

▶

📋Vendor Advisories

Ubuntu

Corosync vulnerabilities↗2026-04-13

▶

Red Hat

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet↗2026-04-01

▶

Debian

CVE-2026-35091: corosync - A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-35091 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet [fedora-all]↗2026-04-01

▶

Bugzilla

CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet↗2026-04-01

▶