Description

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.

INFO

Published Date :

2026-04-01T13:18:53.738Z

Last Modified :

2026-05-06T20:40:45.680Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35091 vulnerability.

Vendors Products
Corosync
  • Corosync
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Openshift
  • Openshift Container Platform
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35091.

URL Resource
https://access.redhat.com/errata/RHSA-2026:13644 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:13657 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:13673 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14205 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14210 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14211 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14212 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14213 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14214 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14215 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:14216 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-35091 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2453169 cve-icon cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2453813 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-35091 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-35091 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact