CVE-2026-35091: Incorrect Check of Function Return Value in Red Hat Red Hat Enterprise Linux 10
CVE-2026-35091 is a vulnerability in the Corosync Cluster Engine used by Red Hat Enterprise Linux 10. It involves an incorrect check of a function return value in the membership commit token sanity check, which can be exploited remotely by an unauthenticated attacker via a specially crafted UDP packet. This flaw can cause an out-of-bounds read, leading to denial of service (DoS) and potential limited disclosure of memory contents. Red Hat has released security updates addressing this issue with a moderate severity rating in their advisories. The vulnerability has a CVSS 3. 1 base score of 8. 2, indicating high severity. Patches are available for multiple Red Hat Enterprise Linux 10 variants and related products. No known exploits in the wild have been reported.
AI Analysis
Technical Summary
The vulnerability CVE-2026-35091 affects the Corosync Cluster Engine in Red Hat Enterprise Linux 10. It arises from an incorrect validation of the return value during the membership commit token sanity check, which can be triggered by sending a crafted UDP packet. This leads to an out-of-bounds read condition, resulting in denial of service and possible limited information disclosure. Red Hat has issued security advisories (RHSA-2026:13644 and RHSA-2026:13657) providing patches for affected versions. The updates mitigate the issue by correcting the validation logic in Corosync. The vulnerability is rated high severity with a CVSS score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).
Potential Impact
Successful exploitation allows a remote unauthenticated attacker to cause a denial of service via an out-of-bounds read in Corosync, potentially disclosing limited memory contents. The impact includes service disruption and partial information leakage. No integrity impact is reported. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released official security updates for Corosync in Red Hat Enterprise Linux 10 and 8 that address this vulnerability. Applying these updates will remediate the issue. Users should follow Red Hat's published guidance at https://access.redhat.com/articles/11258 to update affected packages. Since patches are available, remediation should be performed promptly to mitigate risk. No additional vendor-recommended mitigations are indicated.
CVE-2026-35091: Incorrect Check of Function Return Value in Red Hat Red Hat Enterprise Linux 10
Description
CVE-2026-35091 is a vulnerability in the Corosync Cluster Engine used by Red Hat Enterprise Linux 10. It involves an incorrect check of a function return value in the membership commit token sanity check, which can be exploited remotely by an unauthenticated attacker via a specially crafted UDP packet. This flaw can cause an out-of-bounds read, leading to denial of service (DoS) and potential limited disclosure of memory contents. Red Hat has released security updates addressing this issue with a moderate severity rating in their advisories. The vulnerability has a CVSS 3. 1 base score of 8. 2, indicating high severity. Patches are available for multiple Red Hat Enterprise Linux 10 variants and related products. No known exploits in the wild have been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-35091 affects the Corosync Cluster Engine in Red Hat Enterprise Linux 10. It arises from an incorrect validation of the return value during the membership commit token sanity check, which can be triggered by sending a crafted UDP packet. This leads to an out-of-bounds read condition, resulting in denial of service and possible limited information disclosure. Red Hat has issued security advisories (RHSA-2026:13644 and RHSA-2026:13657) providing patches for affected versions. The updates mitigate the issue by correcting the validation logic in Corosync. The vulnerability is rated high severity with a CVSS score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).
Potential Impact
Successful exploitation allows a remote unauthenticated attacker to cause a denial of service via an out-of-bounds read in Corosync, potentially disclosing limited memory contents. The impact includes service disruption and partial information leakage. No integrity impact is reported. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released official security updates for Corosync in Red Hat Enterprise Linux 10 and 8 that address this vulnerability. Applying these updates will remediate the issue. Users should follow Red Hat's published guidance at https://access.redhat.com/articles/11258 to update affected packages. Since patches are available, remediation should be performed promptly to mitigate risk. No additional vendor-recommended mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-01T11:35:23.145Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:13644","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2026-35091","vendor":"Red Hat"}]
Threat ID: 69cd1fdee6bfc5ba1dd19c0b
Added to database: 4/1/2026, 1:38:38 PM
Last enriched: 5/20/2026, 6:17:44 PM
Last updated: 5/20/2026, 9:37:47 PM
Views: 60
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.