Csync2 Insecure Temp Dir - TOCTOU via C99 Build
CVE-2026-41051 Published on May 13, 2026
csync2 uses insecure temporary directories when compiled with C99 or later
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
Vulnerability Analysis
CVE-2026-41051 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a TOCTTOU Vulnerability?
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.
CVE-2026-41051 has been classified to as a TOCTTOU vulnerability or weakness.
Affected Versions
openSUSE Tumbleweed:- Version ? and below 2.0+git.1600444747.83b3644-3.1 is affected.