Bug 2458898 (CVE-2026-41035) - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling
Summary: CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribu...
Keywords:
Status: NEW
Alias: CVE-2026-41035
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2459113 2459114 2459115
Blocks:
Reported: 2026-04-16 08:01 UTC by OSIDB Bzimport
Modified: 2026-05-14 15:58 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:17591 0 None None None 2026-05-14 13:45:12 UTC
Red Hat Product Errata RHBA-2026:17592 0 None None None 2026-05-14 13:35:38 UTC
Red Hat Product Errata RHBA-2026:17652 0 None None None 2026-05-14 15:58:52 UTC
Red Hat Product Errata RHSA-2026:17481 0 None None None 2026-05-14 09:19:07 UTC

Description OSIDB Bzimport 2026-04-16 08:01:17 UTC
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Comment 5 errata-xmlrpc 2026-05-14 09:19:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:17481 https://access.redhat.com/errata/RHSA-2026:17481

