{"id":"CVE-2026-41035","details":"In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.","modified":"2026-05-01T04:32:44.343082Z","published":"2026-04-16T06:53:05.237Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41035.json","cwe_ids":["CWE-130"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/04/16/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/04/22/3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41035.json"},{"type":"REPORT","url":"https://github.com/RsyncProject/rsync/issues/871"},{"type":"PACKAGE","url":"https://github.com/RsyncProject/rsync/releases"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41035"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/16/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rsyncproject/rsync","events":[{"introduced":"325c243210cdb3e8467e78f673043661f86fdf74"},{"last_affected":"3305a7a063ab0167cab5bf7029da53abaa9fdb6e"}],"database_specific":{"extracted_events":[{"introduced":"3.0.1"},{"last_affected":"3.4.1"}],"source":"AFFECTED_FIELD"}}],"versions":["v3.0.1","v3.0.2","v3.0.3","v3.0.3pre1","v3.0.3pre2","v3.0.3pre3","v3.1.0","v3.1.0pre1","v3.1.1","v3.1.1pre1","v3.1.1pre2","v3.1.2","v3.1.2pre1","v3.1.3","v3.1.3pre1","v3.2.0","v3.2.0pre1","v3.2.0pre2","v3.2.0pre3","v3.2.1","v3.2.1pre1","v3.2.2","v3.2.2pre1","v3.2.2pre2","v3.2.2pre3","v3.2.3","v3.2.3pre1","v3.2.4","v3.2.4pre1","v3.2.4pre2","v3.2.4pre3","v3.2.4pre4","v3.2.5","v3.2.5pre1","v3.2.5pre2","v3.2.6","v3.2.7","v3.2.7pre1","v3.3.0","v3.3.0pre1","v3.4.0","v3.4.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41035.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}]}