8.2 CVE-2026-35091

Enriched by CISA Exploit
 

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
https://nvd.nist.gov/vuln/detail/CVE-2026-35091

Categories

CWE-253 : Incorrect Check of Function Return Value
Important and common functions return a value that indicates whether their actions succeeded. This tells the program whether or not it must handle any errors caused by that function.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
Red Hat Red Hat Enterprise Linux 10
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Red Hat Red Hat OpenShift Container Platform 4

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

REMEDIATION

EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://bugzilla.redhat.com/show_bug.cgi?id=2453169

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry