Insecure Temporary Directory Vulnerability in csync2 by SUSE
CVE-2026-41051

5.1MEDIUM

Key Information:

Vendor: Suse
Status: Opensuse Tumbleweed
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-41051?

The csync2 application contains a vulnerability that arises when it is compiled with C99 or later. This flaw allows attackers to exploit insecure temporary directories, creating a potential for Time-of-Check to Time-of-Use (TOCTOU) attacks. These attacks can lead to unauthorized access and manipulation of sensitive data within the temporary directory, compromising the integrity and security of the application.

Affected Version(s)

openSUSE Tumbleweed ? < 2.0+git.1600444747.83b3644-3.1

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41051

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 16, 2026

Credit

Wolfgang Frisch of SUSE

CVE-2026-41051 Data

JSON

Suse

What is CVE-2026-41051?

Affected Version(s)

References

CVSS V4

Timeline

Credit