CVE-2026-10649: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 10
CVE-2026-10649 is an integer overflow vulnerability in the Pacemaker component of Red Hat Enterprise Linux 10. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted compressed message before authentication, causing memory corruption and resulting in a denial of service (DoS) by crashing the CIB remote listener service.
AI Analysis
Technical Summary
This vulnerability involves an integer overflow or wraparound in the remote message decompression process of Pacemaker on Red Hat Enterprise Linux 10. The flaw allows an unauthenticated remote attacker to send a maliciously crafted compressed message that triggers memory corruption. This leads to a denial of service condition by crashing the CIB remote listener, impacting the availability of the affected service. The CVSS 3.1 score is 8.6, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation results in memory corruption causing the CIB remote listener service to crash, leading to denial of service. There is limited impact on confidentiality and integrity, but availability is severely affected due to service disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10649 for current remediation guidance. No official fix or workaround is explicitly stated in the provided advisory content. Users should monitor the vendor advisory for updates and apply patches once available.
CVE-2026-10649: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 10
Description
CVE-2026-10649 is an integer overflow vulnerability in the Pacemaker component of Red Hat Enterprise Linux 10. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted compressed message before authentication, causing memory corruption and resulting in a denial of service (DoS) by crashing the CIB remote listener service.
CVSS v3.1
Score 8.6high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an integer overflow or wraparound in the remote message decompression process of Pacemaker on Red Hat Enterprise Linux 10. The flaw allows an unauthenticated remote attacker to send a maliciously crafted compressed message that triggers memory corruption. This leads to a denial of service condition by crashing the CIB remote listener, impacting the availability of the affected service. The CVSS 3.1 score is 8.6, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation results in memory corruption causing the CIB remote listener service to crash, leading to denial of service. There is limited impact on confidentiality and integrity, but availability is severely affected due to service disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10649 for current remediation guidance. No official fix or workaround is explicitly stated in the provided advisory content. Users should monitor the vendor advisory for updates and apply patches once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-02T15:15:07.547Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-10649","vendor":"Red Hat"}]
Threat ID: 6a3196620b89be688808a43b
Added to database: 6/16/2026, 6:30:58 PM
Last enriched: 6/16/2026, 6:46:25 PM
Last updated: 6/17/2026, 4:23:50 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.