Description
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Published: 2026-04-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Corosync contains an integer overflow in the validation of join messages. An unauthenticated, remote attacker can send specially crafted UDP packets to the Corosync service, which can trigger an overflow and cause the process to crash. The result is an interruption of the cluster service, leading to denial of service for the affected nodes. The flaw is specific to deployments that use the totemudp or totemudpu networking mode.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 7, 8, 9 and 10 and Red Hat OpenShift Container Platform 4. Beyond those products, any host that runs Corosync with the udp or udpu totem transport (the transport key in the totem section of corosync.conf) and whose totem port (mcastport, 5405 by default) is reachable from hosts outside the cluster is exposed. No fixed version is given in the available data, so every Corosync build in these products that runs in the described mode should be treated as vulnerable until a vendor advisory names a fix.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects a high impact on availability and none on confidentiality or integrity. The EPSS estimate is below 1%, so the predicted likelihood of exploitation in the wild is currently low, but the attack itself is simple: crafted UDP packets sent to the totem port (5405 by default) by any host that can reach it, with no authentication. The ability to crash the cluster service without authentication makes the flaw easy to exploit wherever Corosync is exposed to untrusted networks, and the SSVC assessment marks it as automatable. It is not listed in the CISA KEV catalog, so there is no evidence of exploitation in the wild yet, but the potential impact on cluster availability warrants prompt action.

Generated by OpenCVE AI on April 2, 2026 at 02:27 UTC.
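Whether a node is in the affected configuration is decided by the transport key of the totem section in corosync.conf. The script below is an added example, not Corosync's or Red Hat's tooling: it reports the effective transport for a config file and the UDP port(s) that transport listens on. It assumes, as corosync.conf(5) documents, that corosync 2.x defaults to udp and 3.x to knet when no transport key is present, that mcastport defaults to 5405, and that udp multicast mode also uses mcastport - 1. The sample config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Corosync's or Red Hat's tooling): report whether a node's
# corosync.conf selects the totemudp/totemudpu transport this flaw applies to,
# and which UDP port(s) that transport uses.
#
# Assumptions (per corosync.conf(5)): with no "transport:" key, corosync 2.x
# defaults to udp and 3.x to knet; udp multicast mode uses mcastport and
# mcastport - 1; the default mcastport is 5405.

# Effective totem transport. $1 = path to corosync.conf, $2 = major version.
corosync_transport() {
    conf=$1
    major=$2
    # Only uncommented "transport: <value>" lines count; comments start with '#'.
    explicit=$(sed -n 's/^[[:space:]]*transport[[:space:]]*:[[:space:]]*\([[:alnum:]_]*\).*/\1/p' "$conf" | head -n 1)
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
    elif [ "$major" -ge 3 ]; then
        printf 'knet\n'
    else
        printf 'udp\n'
    fi
}

# Configured mcastport, or the 5405 default.
corosync_mcastport() {
    port=$(sed -n 's/^[[:space:]]*mcastport[[:space:]]*:[[:space:]]*\([0-9]*\).*/\1/p' "$1" | head -n 1)
    printf '%s\n' "${port:-5405}"
}

# UDP ports to firewall for this config: mcastport, plus mcastport - 1 in
# multicast (udp) mode. Prints nothing when the transport is not affected.
corosync_udp_ports() {
    port=$(corosync_mcastport "$1")
    case "$(corosync_transport "$1" "$2")" in
        udp)  printf '%s %s\n' "$((port - 1))" "$port" ;;
        udpu) printf '%s\n' "$port" ;;
        *)    ;;
    esac
}

# Major version of the installed corosync, parsed from "corosync -v", whose
# first line reads: Corosync Cluster Engine, version 'X.Y.Z'
corosync_major_version() {
    corosync -v 2>/dev/null | sed -n "s/.*version '\([0-9]*\).*/\1/p" | head -n 1
}

# --- constructed sample configs so the functions can be exercised offline ---
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/udpu.conf" <<'EOF'
totem {
    version: 2
    cluster_name: demo
    transport: udpu
    interface {
        ringnumber: 0
        bindnetaddr: 192.0.2.0
        mcastport: 5415
    }
}
EOF
cat > "$SAMPLES/knet.conf" <<'EOF'
totem {
    version: 2
    cluster_name: demo
    transport: knet
}
EOF
cat > "$SAMPLES/defaults.conf" <<'EOF'
totem {
    version: 2
    cluster_name: demo
    # transport: udpu   (commented out, so the version default applies)
}
EOF

for f in udpu knet defaults; do
    printf '%s (corosync 2.x): transport=%s ports=%s\n' "$f" \
        "$(corosync_transport "$SAMPLES/$f.conf" 2)" \
        "$(corosync_udp_ports "$SAMPLES/$f.conf" 2)"
done
# On a live node:
#   corosync_udp_ports /etc/corosync/corosync.conf "$(corosync_major_version)"
```

The version argument matters only when the transport key is absent: the same defaults.conf resolves to udp (affected) under corosync 2.x, which RHEL 7 ships, and to knet under 3.x.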

Remediation

Vendor Workaround

Restrict network access to the Corosync cluster communication ports. Configure firewall rules so that inbound UDP traffic to the totem port (mcastport, 5405 by default; udp multicast mode also uses mcastport - 1, 5404 by default) is accepted only from the other members of the cluster. This prevents unauthenticated remote hosts from delivering crafted packets to the service. Firewall rules apply as soon as they are loaded; Corosync does not need to be restarted for them to take effect, but the cluster should be checked for quorum afterwards to confirm that legitimate peer traffic is still permitted.


OpenCVE Recommended Actions

  • Apply the vendor-provided patch or update for all affected Red Hat Enterprise Linux and OpenShift releases that contain the Corosync fix.
  • If a patch is not yet available, restrict inbound UDP traffic to the totem port (5405 by default, and also 5404 when the udp multicast transport is in use, since Corosync uses mcastport - 1 as well) by configuring firewall rules that admit only hosts that belong to the cluster.
  • After changing firewall rules, verify them (for example with nft list ruleset or firewall-cmd --list-all) and confirm that the cluster still forms quorum; a Corosync restart is not required for the rules to apply.
  • Monitor Corosync and systemd logs for unexpected membership changes, join failures or process exits on a signal (crashes) to detect attempted exploitation.

Generated by OpenCVE AI on April 2, 2026 at 02:27 UTC.
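The workaround and the recommended actions above come down to two things: admit UDP on the totem port(s) only from cluster members, and watch for the process dying. The script below is an added example, not Red Hat's or Corosync's tooling. It generates an nftables ruleset from a list of peer addresses and filters journal output for Corosync crash and restart events. It assumes IPv4 peers (an IPv6 ring needs a second set of type ipv6_addr), the default ports 5404 and 5405 (mcastport - 1 and mcastport, per corosync.conf(5)), the standard systemd wording for a unit that exits on a signal, and that the firewalld filter chain sits at priority 0. The journal lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not Red Hat's or Corosync's tooling): build an nftables
# ruleset that admits UDP to the totem port(s) only from cluster members, and
# a filter that pulls Corosync crash events out of journal output.
#
# Assumptions: peers are IPv4 (add an ipv6_addr set for IPv6 rings); the ports
# are mcastport and, in multicast mode, mcastport - 1, i.e. 5404 and 5405
# with the defaults (corosync.conf(5)); firewalld's filter chain has priority 0.

# Print an nftables ruleset. $1 = nft port list such as "5404, 5405";
# remaining args = peer IPv4 addresses.
corosync_nft_ruleset() {
    ports=$1; shift
    printf 'table inet corosync_guard {\n'
    printf '    set cluster_peers {\n'
    printf '        type ipv4_addr\n'
    printf '        elements = { '
    sep=''
    for peer in "$@"; do
        printf '%s%s' "$sep" "$peer"
        sep=', '
    done
    printf ' }\n'
    printf '    }\n'
    printf '    chain input {\n'
    # Priority -10 runs ahead of the priority-0 filter chain firewalld installs,
    # so the drop applies before any broader allow (e.g. the high-availability service).
    printf '        type filter hook input priority -10; policy accept;\n'
    printf '        udp dport { %s } ip saddr @cluster_peers accept\n' "$ports"
    printf '        udp dport { %s } counter drop\n' "$ports"
    printf '    }\n'
    printf '}\n'
}

# Number of peers a generated ruleset admits: a sanity check before loading it,
# so a typo in the peer list does not silently partition the cluster.
corosync_nft_peer_count() {
    corosync_nft_ruleset "$@" | sed -n 's/.*elements = { \(.*\) }.*/\1/p' | tr ',' '\n' | grep -c .
}

# Read journal lines on stdin and print those showing corosync dying or being
# restarted by systemd; exit status 0 if any were found, 1 otherwise.
corosync_crash_events() {
    grep -E 'corosync(\.service)?: (Main process exited, code=(killed|dumped)|Failed with result|Scheduled restart)'
}

# Constructed sample journal lines (not captured from a real host).
SAMPLE_JOURNAL='2026-04-02T02:10:01+0000 node1 corosync[1234]: [MAIN  ] Corosync Cluster Engine 3.1.8 starting up
2026-04-02T02:15:44+0000 node1 systemd[1]: corosync.service: Main process exited, code=killed, status=6/ABRT
2026-04-02T02:15:44+0000 node1 systemd[1]: corosync.service: Failed with result '\''signal'\''.
2026-04-02T02:15:45+0000 node1 systemd[1]: corosync.service: Scheduled restart job, restart counter is at 1.
2026-04-02T02:16:00+0000 node1 sshd[2222]: Accepted publickey for admin from 192.0.2.9'

# Crash-related lines in the sample (3 of the 5).
corosync_crash_count() {
    printf '%s\n' "$SAMPLE_JOURNAL" | corosync_crash_events | grep -c .
}

# Demo: three-node cluster on the default ports.
corosync_nft_ruleset "5404, 5405" 192.0.2.11 192.0.2.12 192.0.2.13
printf 'peers admitted: %s\n' "$(corosync_nft_peer_count "5404, 5405" 192.0.2.11 192.0.2.12 192.0.2.13)"
printf '%s\n' "$SAMPLE_JOURNAL" | corosync_crash_events
# On a live node:
#   corosync_nft_ruleset "5404, 5405" <peer>... | nft -c -f -   # syntax check only
#   corosync_nft_ruleset "5404, 5405" <peer>... | nft -f -      # load
#   journalctl -u corosync -o short-iso | corosync_crash_events
```

Loading the ruleset is separate from the firewalld configuration a RHEL host usually carries: the drop rule sits in front of firewalld's chain, so the broad high-availability service can stay enabled without exposing the totem port to non-members. Under knet the rules do no harm, but they also address nothing, since this flaw is specific to the udp and udpu transports.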


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Redhat openshift Container Platform
Vendors & Products                     Redhat openshift Container Platform

Thu, 02 Apr 2026 00:15:00 +0000

Type         Values Removed           Values Added
References   (not shown)              (not shown)
Metrics      threat_severity: None    threat_severity: Important


Wed, 01 Apr 2026 23:45:00 +0000

Type                  Values Removed   Values Added
Description                            A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Title                                  Corosync: corosync: denial of service via integer overflow in join message validation
First Time appeared                    Redhat
                                       Redhat enterprise Linux
                                       Redhat openshift
Weaknesses                             CWE-190
CPEs                                   cpe:/a:redhat:openshift:4
                                       cpe:/o:redhat:enterprise_linux:10
                                       cpe:/o:redhat:enterprise_linux:7
                                       cpe:/o:redhat:enterprise_linux:8
                                       cpe:/o:redhat:enterprise_linux:9
Vendors & Products                     Redhat
                                       Redhat enterprise Linux
                                       Redhat openshift
References                             (not shown)
Metrics                                cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
                                       ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-02T05:17:53.784Z

Reserved: 2026-04-01T11:35:23.146Z

Link: CVE-2026-35092

Vulnrichment

Updated: 2026-04-01T13:30:10.667Z

NVD

Status : Undergoing Analysis

Published: 2026-04-01T14:16:57.237

Modified: 2026-04-01T14:23:37.727

Link: CVE-2026-35092

Redhat

Severity : Important

Public Date: 2026-04-01T11:48:22Z

Links: CVE-2026-35092 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:17:36Z

Weaknesses