CVE Vulnerabilities

CVE-2026-41035

Improper Handling of Length Parameter Inconsistency

Published: Apr 16, 2026 | Modified: Jul 10, 2026
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.4 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka –xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Weakness

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Affected Software

NameVendorStart VersionEnd Version
RsyncSamba3.0.1 (including)3.4.1 (including)
Red Hat Enterprise Linux 10RedHatrsync-0:3.4.1-6.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatrsync-0:3.4.1-2.el10_0.2*
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRedHatrsync-0:3.0.6-12.el6_10.3*
Red Hat Enterprise Linux 7 Extended Lifecycle SupportRedHatrsync-0:3.1.2-12.el7_9.3*
Red Hat Enterprise Linux 8RedHatrsync-0:3.1.3-25.el8_10*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatrsync-0:3.1.3-12.el8_4.7*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatrsync-0:3.1.3-12.el8_4.7*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatrsync-0:3.1.3-14.el8_6.10*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatrsync-0:3.1.3-14.el8_6.10*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatrsync-0:3.1.3-20.el8_8.5*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatrsync-0:3.1.3-20.el8_8.5*
Red Hat Enterprise Linux 9RedHatrsync-0:3.2.5-7.el9_8*
Red Hat Enterprise Linux 9RedHatrsync-0:3.2.5-7.el9_8*
Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRedHatrsync-0:3.2.3-9.el9_0.5*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatrsync-0:3.2.3-19.el9_2.3*
Red Hat Enterprise Linux 9.4 Extended Update SupportRedHatrsync-0:3.2.3-19.el9_4.3*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatrsync-0:3.2.5-3.el9_6.1*
Red Hat OpenShift Container Platform 4.13RedHatrhcos-413.92.202606160406-0*
Red Hat OpenShift Container Platform 4.14RedHatrhcos-414.92.202606231112-0*
Red Hat OpenShift Container Platform 4.15RedHatrhcos-415.92.202606030318-0*
Red Hat OpenShift Container Platform 4.16RedHatrhcos-416.94.202606051757-0*
Red Hat OpenShift Container Platform 4.17RedHatrhcos-417.94.202606250942-0*
Red Hat OpenShift Container Platform 4.18RedHatrhcos-418.94.202606051320-0*
Red Hat OpenShift Container Platform 4.19RedHatrhcos-4.19.9.6.202606031700-0*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
RsyncUbuntudevel*
RsyncUbuntuesm-infra-legacy/trusty*
RsyncUbuntuesm-infra-legacy/xenial*
RsyncUbuntuesm-infra/bionic*
RsyncUbuntuesm-infra/focal*
RsyncUbuntuesm-infra/xenial*
RsyncUbuntujammy*
RsyncUbuntunoble*
RsyncUbuntuquesting*
RsyncUbunturesolute*

Potential Mitigations

References