Red Hat Security Advisory: rsync security update
Two security vulnerabilities have been identified in the rsync utility used in Red Hat Enterprise Linux 9. 2 and related products. The first is an out-of-bounds array access via a negative index (CVE-2025-10158), and the second is a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). These issues could potentially lead to memory corruption or crashes. Red Hat has released updated rsync packages addressing these vulnerabilities. The update is rated as Important by Red Hat Product Security. There is no indication of known exploits in the wild at this time.
AI Analysis
Technical Summary
The rsync utility, which synchronizes files efficiently by sending only differences, contains two vulnerabilities: an out-of-bounds array access triggered by a negative index (CVE-2025-10158) and a use-after-free vulnerability in handling extended attributes (CVE-2026-41035). Both vulnerabilities affect Red Hat Enterprise Linux 9.2 and related variants. Red Hat has issued security updates that fix these issues. The advisory does not provide CVSS scores but rates the impact as Important. No exploits are currently known in the wild.
Potential Impact
Successful exploitation of these vulnerabilities could lead to memory corruption issues such as crashes or potentially arbitrary code execution due to out-of-bounds access and use-after-free conditions in rsync. The exact impact details and CVSS scores are not provided in the advisory. There are no known active exploits targeting these vulnerabilities at this time.
Mitigation Recommendations
Red Hat has released updated rsync packages for affected versions of Red Hat Enterprise Linux 9.2 and related products. Users should apply these official updates promptly to remediate the vulnerabilities. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated or required beyond applying the provided patches.
Red Hat Security Advisory: rsync security update
Description
Two security vulnerabilities have been identified in the rsync utility used in Red Hat Enterprise Linux 9. 2 and related products. The first is an out-of-bounds array access via a negative index (CVE-2025-10158), and the second is a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). These issues could potentially lead to memory corruption or crashes. Red Hat has released updated rsync packages addressing these vulnerabilities. The update is rated as Important by Red Hat Product Security. There is no indication of known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The rsync utility, which synchronizes files efficiently by sending only differences, contains two vulnerabilities: an out-of-bounds array access triggered by a negative index (CVE-2025-10158) and a use-after-free vulnerability in handling extended attributes (CVE-2026-41035). Both vulnerabilities affect Red Hat Enterprise Linux 9.2 and related variants. Red Hat has issued security updates that fix these issues. The advisory does not provide CVSS scores but rates the impact as Important. No exploits are currently known in the wild.
Potential Impact
Successful exploitation of these vulnerabilities could lead to memory corruption issues such as crashes or potentially arbitrary code execution due to out-of-bounds access and use-after-free conditions in rsync. The exact impact details and CVSS scores are not provided in the advisory. There are no known active exploits targeting these vulnerabilities at this time.
Mitigation Recommendations
Red Hat has released updated rsync packages for affected versions of Red Hat Enterprise Linux 9.2 and related products. Users should apply these official updates promptly to remediate the vulnerabilities. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated or required beyond applying the provided patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:20602
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-41035"]
- Cvss Version
- null
Threat ID: 6a16097be29bf47b5064777c
Added to database: 5/26/2026, 8:58:35 PM
Last enriched: 5/26/2026, 10:21:28 PM
Last updated: 5/27/2026, 5:03:35 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.