PT-2026-33280 · Rsync+3

Przemyslaw Frasunek · Published 2026-04-16 · Updated 2026-06-01 · CVE-2026-41035

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

rsync versions 3.0.1 through 3.4.1

Description

The receive_xattr() function relies on an untrusted length value during a qsort() call, which can lead to a use-after-free condition on the receiver side. This occurs when the victim runs the software with the -X (or --xattrs) option. While many common configurations on Linux are affected, non-Linux platforms are more widely susceptible.

Recommendations

Update rsync to a version later than 3.4.1. As a temporary workaround, avoid running rsync with the -X or --xattrs option.

Related Identifiers

ALSA-2026:17481
ALSA-2026:19152
ALSA-2026:19368
CVE-2026-41035
ECHO-96CC-2C47-FEAB
OESA-2026-2150
OPENSUSE-SU-2026:10775-1
RHSA-2026:17481
RHSA-2026:19152
USN-8283-1
USN-8349-1

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Rsync