CVE-2026-35092

Corosync: corosync: denial of service via integer overflow in join message validation

Description

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

INFO

Published Date :

2026-04-01T13:18:55.551Z

Last Modified :

2026-05-06T20:40:46.447Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2026-35092 vulnerability.

Vendors	Products
Corosync	Corosync
Redhat	Enterprise Linux Enterprise Linux Eus Openshift Openshift Container Platform Rhel Aus Rhel E4s Rhel Eus Rhel Eus Long Life Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35092.

URL	Resource
https://access.redhat.com/errata/RHSA-2026:13644
https://access.redhat.com/errata/RHSA-2026:13657
https://access.redhat.com/errata/RHSA-2026:13673
https://access.redhat.com/errata/RHSA-2026:14205
https://access.redhat.com/errata/RHSA-2026:14210
https://access.redhat.com/errata/RHSA-2026:14211
https://access.redhat.com/errata/RHSA-2026:14212
https://access.redhat.com/errata/RHSA-2026:14213
https://access.redhat.com/errata/RHSA-2026:14214
https://access.redhat.com/errata/RHSA-2026:14215
https://access.redhat.com/errata/RHSA-2026:14216
https://access.redhat.com/security/cve/CVE-2026-35092
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
https://bugzilla.redhat.com/show_bug.cgi?id=2453814
https://nvd.nist.gov/vuln/detail/CVE-2026-35092
https://www.cve.org/CVERecord?id=CVE-2026-35092

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact