Vulnerability-Lookup

WID-SEC-W-2026-1156

Vulnerability from csaf_certbund - Published: 2026-04-15 22:00 - Updated: 2026-05-27 22:00

Summary

Rsync: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Rsync ist ein Tool, um Dateien und Verzeichnisse zu synchronisieren.

Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Rsync ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2026-41035

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Cryostat <4.2.0 Red Hat / Enterprise Linux		Cryostat <4.2.0
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux 9.4 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.4`	9.4
Red Hat Enterprise Linux 10.0 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10.0`	10
Red Hat Enterprise Linux 9.2 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.2`	9.2
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 9.6 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.6`	9.6
Open Source Rsync 3.0.1-3.4.1 Open Source / Rsync	`cpe:/a:gnu:rsync:3.0.1_-_3.4.1`	3.0.1-3.4.1
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—

References

28 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-M34R-4V3R-PP9V	external
https://www.openwall.com/lists/oss-security/2026/…	external
https://linux.oracle.com/errata/ELSA-2026-17481.html	external
https://access.redhat.com/errata/RHSA-2026:17481	external
https://errata.build.resf.org/RLSA-2026:17481	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://access.redhat.com/errata/RHSA-2026:19152	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:19368	external
https://ubuntu.com/security/notices/USN-8283-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:20603	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:17789	external
https://access.redhat.com/errata/RHSA-2026:20601	external
https://access.redhat.com/errata/RHSA-2026:20696	external
https://access.redhat.com/errata/RHSA-2026:20604	external
https://access.redhat.com/errata/RHSA-2026:20602	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Rsync ist ein Tool, um Dateien und Verzeichnisse zu synchronisieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Rsync ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1156 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1156.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1156 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1156"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-04-15",
        "url": "https://github.com/advisories/GHSA-M34R-4V3R-PP9V"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2026-04-15",
        "url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-17481 vom 2026-05-15",
        "url": "https://linux.oracle.com/errata/ELSA-2026-17481.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:17481 vom 2026-05-14",
        "url": "https://access.redhat.com/errata/RHSA-2026:17481"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:17481 vom 2026-05-15",
        "url": "https://errata.build.resf.org/RLSA-2026:17481"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10775-1 vom 2026-05-15",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UH3SE4SO3IZF2PWJRHLWWOIK7NWMY2YJ/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20754-1 vom 2026-05-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VAZ7KF4UAAMPTSXI2PUP2PSUUGT76V7/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19152 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:19152"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21676-1 vom 2026-05-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026159.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2002-1 vom 2026-05-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026150.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19368 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:19368"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8283-1 vom 2026-05-20",
        "url": "https://ubuntu.com/security/notices/USN-8283-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21686-1 vom 2026-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026238.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2038-1 vom 2026-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026241.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20603 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20603"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21726-1 vom 2026-05-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026245.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21739-1 vom 2026-05-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026261.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2048-1 vom 2026-05-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026277.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:17789 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:17789"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20601 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20601"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20696 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20696"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20604 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20604"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20602 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20602"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21747-1 vom 2026-05-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026310.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2083-1 vom 2026-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026361.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21795-1 vom 2026-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026347.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Rsync: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2026-05-27T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-28T07:27:34.194+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1156",
      "initial_release_date": "2026-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2026-05-17T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation und openSUSE aufgenommen"
        },
        {
          "date": "2026-05-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-05-21T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0.1-3.4.1",
                "product": {
                  "name": "Open Source Rsync 3.0.1-3.4.1",
                  "product_id": "T052928",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gnu:rsync:3.0.1_-_3.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rsync"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T054066",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Cryostat \u003c4.2.0",
                "product": {
                  "name": "Red Hat Enterprise Linux Cryostat \u003c4.2.0",
                  "product_id": "T054651"
                }
              },
              {
                "category": "product_version",
                "name": "Cryostat 4.2.0",
                "product": {
                  "name": "Red Hat Enterprise Linux Cryostat 4.2.0",
                  "product_id": "T054651-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:cryostat__4.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.6",
                "product": {
                  "name": "Red Hat Enterprise Linux 9.6",
                  "product_id": "T054654",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Red Hat Enterprise Linux 10.0",
                  "product_id": "T054679",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "Red Hat Enterprise Linux 9.2",
                  "product_id": "T054701",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.4",
                "product": {
                  "name": "Red Hat Enterprise Linux 9.4",
                  "product_id": "T054702",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-41035",
      "product_status": {
        "known_affected": [
          "T054651",
          "T054066",
          "67646",
          "T054702",
          "T054679",
          "T054701",
          "T004914",
          "T032255",
          "T054654",
          "T052928",
          "T002207",
          "T000126",
          "T027843"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-41035"
    }
  ]
}

CVE-2026-41035 (GCVE-0-2026-41035)

Vulnerability from cvelistv5 – Published: 2026-04-16 06:53 – Updated: 2026-04-22 03:03

Summary

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-130 - Improper Handling of Length Parameter Inconsistency

Assigner

mitre

References

5 references

URL	Tags
https://www.openwall.com/lists/oss-security/2026/…
https://github.com/RsyncProject/rsync/releases
https://github.com/RsyncProject/rsync/issues/871
http://www.openwall.com/lists/oss-security/2026/04/16/9
http://www.openwall.com/lists/oss-security/2026/04/22/3

Impacted products

1 product

Vendor	Product	Version
Samba	rsync	Affected: 3.0.1 , ≤ 3.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T12:20:04.768680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T12:30:58.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-22T03:03:52.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/16/9"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "rsync",
          "vendor": "Samba",
          "versions": [
            {
              "lessThanOrEqual": "3.4.1",
              "status": "affected",
              "version": "3.0.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "3.4.1",
                  "versionStartIncluding": "3.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T18:23:49.396Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
        },
        {
          "url": "https://github.com/RsyncProject/rsync/releases"
        },
        {
          "url": "https://github.com/RsyncProject/rsync/issues/871"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-41035",
    "datePublished": "2026-04-16T06:53:05.237Z",
    "dateReserved": "2026-04-16T06:53:04.777Z",
    "dateUpdated": "2026-04-22T03:03:52.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1156

CVE-2026-41035 (GCVE-0-2026-41035)

Tags

Sightings

Nomenclature