CVE-2026-35092 identifies an integer overflow vulnerability in the Corosync cluster engine component of Red Hat Enterprise Linux 10. Corosync is a key component used for cluster communication and membership management, often deployed in high-availability and fault-tolerant systems. The vulnerability arises during the join message sanity validation process when Corosync is configured to use the totemudp or totemudp mode, which relies on UDP packets for cluster communication. An attacker can craft malicious UDP packets that cause an integer overflow or wraparound in the validation logic. This overflow leads to memory corruption that crashes the Corosync service, resulting in denial of service. The flaw can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. Although the vulnerability does not allow for code execution or data compromise, the loss of cluster communication can disrupt critical services dependent on Corosync for coordination and failover. The CVSS v3.1 score of 7.5 reflects the high impact on availability and ease of exploitation. No patches or exploits are currently publicly documented, but the risk remains significant for affected deployments. Organizations using Red Hat Enterprise Linux 10 with Corosync in totemudp mode should assess their exposure and apply mitigations promptly.

The primary impact of CVE-2026-35092 is a denial of service condition caused by crashing the Corosync cluster engine. This can disrupt cluster communication and coordination, potentially causing failover mechanisms to malfunction or services to become unavailable. Enterprises relying on Red Hat Enterprise Linux 10 clusters for critical infrastructure, databases, or telecommunications may experience outages or degraded performance. Since the vulnerability can be exploited remotely without authentication, attackers can easily target exposed UDP ports to trigger service disruption. Although confidentiality and integrity are not directly affected, the availability impact can lead to significant operational and financial consequences, especially in environments requiring high uptime and reliability. The lack of known exploits in the wild currently limits immediate widespread attacks, but the vulnerability remains a high risk until patched or mitigated.

1. Apply official patches from Red Hat as soon as they become available to address the integer overflow in Corosync. 2. If patches are not yet available, consider disabling or restricting access to the UDP ports used by Corosync's totemudp mode via firewall rules to limit exposure to untrusted networks. 3. Monitor network traffic for unusual or malformed UDP packets targeting Corosync to detect potential exploitation attempts. 4. Review cluster configurations to determine if totemudp mode is in use and evaluate the necessity of this mode; consider alternative configurations if feasible. 5. Implement network segmentation to isolate cluster communication from external or less trusted networks. 6. Maintain up-to-date intrusion detection/prevention systems capable of identifying anomalous UDP traffic patterns. 7. Conduct regular backups and have failover plans tested to minimize downtime impact in case of service disruption. 8. Engage with Red Hat support for guidance and early access to patches or workarounds.