CVE-2026-41035

Name
CVE-2026-41035
Description
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/RsyncProject/rsync/issues/871
cve@mitre.org https://github.com/RsyncProject/rsync/releases
cve@mitre.org https://www.openwall.com/lists/oss-security/2026/04/16/2
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/04/16/9
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/04/22/3

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* rsync >= 3.0.1 <= 3.4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rsync edge-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync edge-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.4-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.2.3-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync edge-main 3.1.2-r7 None possibly vulnerable
rsync 3.23-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.23-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.22-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.22-main 3.4.0-r0 None possibly vulnerable
rsync 3.22-main 3.2.4-r2 None possibly vulnerable
rsync 3.22-main 3.1.2-r7 None possibly vulnerable
rsync 3.21-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.21-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.2.4-r2 None possibly vulnerable
rsync 3.21-main 3.1.2-r7 None possibly vulnerable
rsync 3.20-main 3.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.20-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.2.4-r2 None possibly vulnerable
rsync 3.20-main 3.1.2-r7 None possibly vulnerable
rsync 3.19-main 3.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.2.7-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.2.4-r2 None possibly vulnerable
rsync 3.19-main 3.1.2-r7 None possibly vulnerable