CVE-2026-43619

HIGH · EPSS 3.4%
Published May 20, 2026 (1mo ago) · Modified Jun 17, 2026 (1w ago)
CVSS 4.0: 7.2 (High)

Description

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module. Attackers with local filesystem access can exploit the timing window between path resolution and syscall execution by swapping symlinks to apply sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files outside the intended module boundary on rsync daemons configured with 'use chroot = no'.
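
A defender's check for the exposure condition described above, as an added example that is not taken from the advisory or the rsync project: it lists the modules in an rsyncd.conf whose effective `use chroot` is explicitly off and tests whether a version string falls in the affected range. The parser is a simplified reading of the rsyncd.conf syntax; it does not follow `&include`/`&merge` directives, it treats an unset `use chroot` as not flagged, and the sample config is constructed.

```python
import re

FALSE_VALUES = {"no", "false", "0"}  # rsyncd.conf spellings of a false boolean
LAST_AFFECTED = (3, 4, 2)            # the page lists rsync <= 3.4.2 as affected

# Constructed sample config (module names and paths are made up).
SAMPLE_CONF = """\
uid = nobody
use chroot = yes
[backup]
    path = /srv/backup
    Use Chroot = no
[mirror]
    path = /srv/mirror
[global]
    usechroot = false
[staging]
    path = /srv/staging
"""

def is_affected_version(version):
    """True when a version string such as '3.4.1' is <= 3.4.2."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3]) <= LAST_AFFECTED

def modules_without_chroot(conf_text):
    """Names of modules whose effective 'use chroot' is explicitly off."""
    text = re.sub(r"\\\r?\n", "", conf_text)   # join backslash-continued lines
    default_off, current, result = False, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            # A lower-case [global] header returns to the global section.
            current = None if name == "global" else name
            if current is not None:
                result[current] = default_off  # module starts from the defaults
            continue
        key, sep, value = line.partition("=")
        # Whitespace and case inside parameter names are not significant.
        if sep and re.sub(r"\s+", "", key).lower() == "usechroot":
            off = value.strip().lower() in FALSE_VALUES
            if current is None:
                default_off = off
            else:
                result[current] = off
    return [m for m, off in result.items() if off]

if __name__ == "__main__":
    print(modules_without_chroot(SAMPLE_CONF))
```

A flagged module on a host running an affected version matches the configuration named in the description; modules that are not flagged may still run without chroot if the setting is left unset and the daemon cannot chroot.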

CVSS Details

Base Score: 7.2
Vector string: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability: 3.4% percentile
Exploit & Patch Status: No Known Exploit, No Patch Available

Weaknesses 2

CWE-367
CWE-59

Affected Products 1

Vendor   Product   Version   Range
samba    rsync     *         ≤3.4.2

References 3

  • github.com https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
    Release Notes
  • github.com https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.