Rsync · Rsync · CVE-2026-29518
**Name of the Vulnerable Software and Affected Versions**
rsync versions prior to 3.4.3
**Description**
A time-of-check to time-of-use (TOCTOU) race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the `chroot` setting set to false. A local attacker with write access to a module path can replace a parent directory component with a symbolic link between the time the receiver checks the path and the time it calls the `open()` function. This allows the attacker to redirect reads and writes outside the intended directories, enabling the disclosure of basis-files or the creation and overwriting of arbitrary files. If the daemon runs with elevated privileges, this can lead to privilege escalation.
**Recommendations**
Update to version 3.4.3 or later.
Ensure the `chroot` setting is set to true to prevent this issue.
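To check the second recommendation across existing hosts, the following added example (not part of the original advisory or the rsync project) parses `rsyncd.conf` text and lists modules whose effective chroot setting is explicitly disabled. It assumes the setting is written with the `rsyncd.conf` parameter name `use chroot`; the function names and the sample configuration are constructed for illustration, and line continuations and `&include` directives are not handled.

```python
# Added example: audit rsyncd.conf text for modules running without chroot.
FALSE_VALUES = {"no", "false", "0"}

def _norm(name):
    # Whitespace inside parameter names is ignored; compare case-insensitively.
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    global_params, modules = {}, {}
    current = global_params          # parameters before the first [module] are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            # A [global] section switches back to the global parameters.
            current = global_params if name == "global" else modules.setdefault(name, {})
        elif "=" in line:
            key, value = line.split("=", 1)   # only the first '=' is significant
            current[_norm(key)] = value.strip()
    return global_params, modules

def modules_without_chroot(text):
    """List (module, path) pairs whose effective 'use chroot' is explicitly false."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        # A module-level value overrides the global one.
        effective = params.get("usechroot", global_params.get("usechroot"))
        if effective is not None and effective.lower() in FALSE_VALUES:
            findings.append((name, params.get("path", "<no path>")))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
use chroot = no
uid = root
[backup]
    path = /srv/backup
[pub]
    path = /srv/pub
    use chroot = yes
[staging]
    path = /srv/staging
    Use Chroot = False
"""

if __name__ == "__main__":
    for module, path in modules_without_chroot(SAMPLE_CONF):
        print(f"{module}: chroot disabled, path={path}")
```

Modules reported here should be reviewed together with the daemon's `uid` and the filesystem permissions on each module path, since the issue requires a local user who can write under that path.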