CVE-2026-35092

Name of the Vulnerable Software and Affected Versions Corosync (affected versions not specified)

Description A flaw exists in Corosync where an integer overflow in the join message sanity validation can be triggered by sending crafted User Datagram Protocol (UDP) packets. This allows a remote, unauthenticated attacker to cause a denial of service by crashing the service. This vulnerability specifically impacts Corosync deployments using totemudp/totemudpu mode.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.