LeakyCreds

CVE-2026-35091 - Vulnerability Analysis

High, CVSS: 8.2

Last Updated: April 1, 2026

Corosync - Out of Bounds Read

Published: April 1, 2026
Updated: April 1, 2026
Remote Exploitable

Overview

Corosync contains an out-of-bounds read caused by a wrong return value in the membership commit token sanity check in totemudp mode, letting remote unauthenticated attackers cause denial of service and limited memory disclosure.

Severity & Score

Severity: High
CVSS Score: 8.2
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Remote attackers can cause denial of service and potentially disclose limited memory contents.

Mitigation

Update to the latest version of Corosync.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Apr 1, 2026

🟠 CVE-2026-35091 - High (8.2) A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-35091
Severity: High
CVSS Score: 8.2
Type: out_of_bounds_rw
Status: unconfirmed
EPSS: 0.0%
Social Posts: 4

CWE

  • CWE-253

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)