{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2026-41035","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","state":"PUBLISHED","assignerShortName":"mitre","dateReserved":"2026-04-16T06:53:04.777Z","datePublished":"2026-04-16T06:53:05.237Z","dateUpdated":"2026-04-22T03:03:52.565Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"rsync","vendor":"Samba","versions":[{"lessThanOrEqual":"3.4.1","status":"affected","version":"3.0.1","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-130","description":"CWE-130 Improper Handling of Length Parameter Inconsistency","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2026-04-16T18:23:49.396Z"},"references":[{"url":"https://www.openwall.com/lists/oss-security/2026/04/16/2"},{"url":"https://github.com/RsyncProject/rsync/releases"},{"url":"https://github.com/RsyncProject/rsync/issues/871"}],"x_generator":{"engine":"CVE-Request-form 0.0.1"},"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndIncluding":"3.4.1"}]}]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-16T12:20:04.768680Z","id":"CVE-2026-41035","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-16T12:30:58.505Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/9"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/3"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-04-22T03:03:52.565Z"}}]},"dataVersion":"5.2"}