Cyber Resilience

CVE-2026-35092

Severity: High · Public PoC · Updated

Published: 01 April 2026
Modified: 26 May 2026
KEV Added: not listed
Patch:
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0031 (54.8th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-35092 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Corosync as shipped in Red Hat Enterprise Linux. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 45.2% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-35092 is an integer overflow vulnerability in Corosync's join message sanity validation. It affects Corosync deployments specifically configured to use totemudp or totemudpu mode. The flaw, published on 2026-04-01, allows crafted User Datagram Protocol (UDP) packets to trigger the overflow, and it is classified under CWE-190 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted UDP packets to a vulnerable Corosync instance. Successful exploitation causes the service to crash, resulting in a denial of service condition with high availability impact but no confidentiality or integrity effects.
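To show why an integer overflow inside a message sanity check is a denial-of-service problem, the following C program is an added illustration of the CWE-190 pattern in a generic length-validation routine. It is not Corosync's code and does not reproduce the actual join message format; the header layout, field names, datagram size and sample values are assumptions constructed for the example. It pairs the wrapping check with a hardened version that computes the claimed size in 64 bits and compares it against the bytes actually received.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical header for a datagram carrying a list of fixed-size entries.
 * This layout is invented for the illustration and is NOT Corosync's join
 * message format. */
struct msg_header {
    uint32_t entry_count;  /* number of entries the sender claims follow */
    uint32_t entry_size;   /* size in bytes of each entry */
};

#define HEADER_LEN (sizeof(struct msg_header))

/* Vulnerable pattern (CWE-190): the claimed payload size is computed in
 * 32-bit arithmetic. A sender can choose entry_count and entry_size whose
 * product wraps past 2^32, so the check compares against a tiny number and
 * accepts a header that describes far more data than the datagram holds;
 * code that later trusts the header reads past the buffer and crashes.
 * Returns 1 if the header is accepted, 0 if rejected. */
int sanity_check_wrapping(const struct msg_header *h, size_t datagram_len)
{
    uint32_t claimed = h->entry_count * h->entry_size;   /* may wrap around */
    return (size_t)claimed + HEADER_LEN <= datagram_len;
}

/* Hardened pattern: compute the product in 64 bits (the product of two
 * 32-bit factors cannot overflow a uint64_t) and compare it with the space
 * actually left in the datagram after the header, rejecting first any
 * datagram too short to even contain the header. */
int sanity_check_safe(const struct msg_header *h, size_t datagram_len)
{
    if (datagram_len < HEADER_LEN)
        return 0;
    uint64_t claimed = (uint64_t)h->entry_count * (uint64_t)h->entry_size;
    return claimed <= (uint64_t)(datagram_len - HEADER_LEN);
}

int main(void)
{
    /* Constructed sample headers; the datagram is assumed to be 64 bytes. */
    const size_t datagram_len = 64;
    struct msg_header legit   = { 4, 12 };              /* 4 * 12 = 48 bytes of payload */
    struct msg_header crafted = { 0x10000u, 0x10000u }; /* product is 2^32, wraps to 0 */

    printf("legit   wrapping=%d safe=%d\n",
           sanity_check_wrapping(&legit, datagram_len),
           sanity_check_safe(&legit, datagram_len));
    printf("crafted wrapping=%d safe=%d\n",
           sanity_check_wrapping(&crafted, datagram_len),
           sanity_check_safe(&crafted, datagram_len));
    return 0;
}
```

The legitimate header is accepted by both checks, while the header whose field product wraps to zero passes the 32-bit check but is rejected by the hardened one. The same pattern applies to any "count times size" or "offset plus length" arithmetic performed on attacker-controlled header fields: widen the arithmetic or check for overflow before comparing against the received length.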

Red Hat has published a security advisory for this issue at https://access.redhat.com/security/cve/CVE-2026-35092, along with related Bugzilla tracking entries at https://bugzilla.redhat.com/show_bug.cgi?id=2453169 and https://bugzilla.redhat.com/show_bug.cgi?id=2453814.

Vulnerability details

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

CWE(s): CWE-190 Integer Overflow or Wraparound

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The integer overflow in Corosync's UDP join message handling allows remote crafted packets to crash the service, directly enabling Endpoint Denial of Service via Application or System Exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-35091: same product (corosync)
CVE-2026-33040: shared CWE-190
CVE-2026-4271: same product (Red Hat Enterprise Linux)
CVE-2026-6773: shared CWE-190
CVE-2026-27951: shared CWE-190
CVE-2025-29072: shared CWE-190
CVE-2025-24528: shared CWE-190
CVE-2026-28952: shared CWE-190
CVE-2026-33666: shared CWE-190
CVE-2026-31814: shared CWE-190

Affected Assets

corosync / corosync: all versions
redhat / openshift: 4.0
redhat / enterprise linux: 7.0, 8.0, 9.0, 10.0

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Implements input validation mechanisms to directly prevent integer overflows from crafted UDP join messages in Corosync's sanity checks.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and remediation of flaws like the Corosync integer overflow vulnerability through patching.

SC-5 Denial-of-service Protection (prevent)
Provides denial-of-service protections to limit or block crafted UDP packets that trigger Corosync service crashes.

References