Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Disable the Pacemaker CIB remote listener if it is not actively used. If the listener is required, restrict network access to trusted hosts by configuring firewall rules to limit inbound connections to the `remote-port` or `remote-tls-port`. These actions reduce the attack surface by limiting unauthenticated network exposure to the vulnerable component. A restart of the Pacemaker service may be necessary for these changes to be fully applied.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat enterprise Linux Eus
Redhat rhel Eus |
|
| CPEs | cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Vendors & Products |
Redhat enterprise Linux Eus
Redhat rhel Eus |
|
| References |
|
Thu, 16 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:rhel_e4s:9.4::highavailability cpe:/a:redhat:rhel_e4s:9.4::resilientstorage |
|
| References |
|
Thu, 16 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel E4s
|
|
| CPEs | cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage |
|
| Vendors & Products |
Redhat rhel E4s
|
|
| References |
|
Thu, 16 Jul 2026 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/o:redhat:enterprise_linux:10.2 | |
| References |
|
Tue, 14 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| References |
|
Tue, 14 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage |
|
| References |
|
Fri, 26 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Clusterlabs
Clusterlabs pacemaker Redhat openshift Container Platform |
|
| Vendors & Products |
Clusterlabs
Clusterlabs pacemaker Redhat openshift Container Platform |
Thu, 18 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 17 Jun 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 16 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 16 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing. | |
| Title | Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression | |
| First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
| Weaknesses | CWE-190 | |
| CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-17T02:39:08.800Z
Reserved: 2026-06-02T15:15:07.547Z
Link: CVE-2026-10649
Updated: 2026-06-16T17:42:34.626Z
Status : Awaiting Analysis
Published: 2026-06-16T17:16:30.773
Modified: 2026-06-16T19:16:30.490
Link: CVE-2026-10649
OpenCVE Enrichment
Updated: 2026-06-26T09:45:11Z