CVE-2026-41035 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run r…
High CVSS: 7.4

CVE-2026-41035

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
Vendor
-
Product
-
CWE
CWE-130
Yayın Tarihi
2026-04-16 07:16:31
Güncelleme
2026-04-16 07:16:31
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-130 HIGH 2026

Referanslar

https://github.com/RsyncProject/rsync/issues/871 https://github.com/RsyncProject/rsync/releases https://www.openwall.com/lists/oss-security/2026/04/16/2