PT-2026-42051 · Rsync+2

Joshua Rogers · Published 2026-05-20 · Updated 2026-06-01 · CVE-2026-43617

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

rsync versions prior to 3.4.3

Description

An authorization bypass exists in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record (a DNS record that maps an IP address to a hostname) for their source IP address. This allows connections from hostnames that administrators intended to deny in scenarios where reverse DNS resolution fails and defaults to UNKNOWN.

Recommendations

Update to version 3.4.3 or later.
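
To find daemons that match the configuration described above while they await the upgrade, the following added example (not from the advisory or the rsync project) lists modules whose effective `hosts deny` contains hostname patterns while chroot is in effect. The sample configuration is constructed, the function names are hypothetical, and the script assumes chroot counts as enabled when `use chroot` is not set.

```python
import ipaddress

# Constructed sample rsyncd.conf for illustration (not from the advisory).
SAMPLE_CONF = """\
hosts deny = *.blocked.example
[backup]
path = /srv/backup
[mirror]
path = /srv/mirror
use chroot = no
[archive]
path = /srv/archive
hosts deny = 203.0.113.0/24, 198.51.100.7
"""

def is_ip_pattern(pat):
    """True if the entry is an IP address or address/mask, not a hostname."""
    try:
        ipaddress.ip_address(pat.split("/", 1)[0])
        return True
    except ValueError:
        return False

def parse(text):
    """Return (globals, {module: params}); whitespace in names is dropped."""
    glob, mods, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = mods.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            k, v = line.split("=", 1)
            key = "".join(k.split()).lower()
            (glob if cur is None else cur)[key] = v.strip()
    return glob, mods

def audit(text):
    """List (module, pattern) pairs: hostname deny rules on chroot modules."""
    glob, mods = parse(text)
    hits = []
    for name, params in mods.items():
        eff = {**glob, **params}  # module settings override global defaults
        # Assumption: an absent "use chroot" is treated as enabled.
        chroot = eff.get("usechroot", "yes").lower() not in ("no", "false", "0")
        pats = eff.get("hostsdeny", "").replace(",", " ").split()
        hits += [(name, p) for p in pats if chroot and not is_ip_pattern(p)]
    return hits
```

Calling `audit()` on the contents of a daemon's configuration file returns the modules to prioritise for the 3.4.3 update; an empty list means no hostname-based deny rule was found on a chroot module.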

Related Identifiers

CVE-2026-43617
ECHO-8072-9059-153B
OPENSUSE-SU-2026:10857-1
USN-8283-1
USN-8349-1

Affected Products

Linuxmint
Ubuntu
Rsync