PT-2026-42153 · Rsync+3 · Rsync+3

Damien Neil

+2

·

Published

2026-05-20

·

Updated

2026-06-30

·

CVE-2026-29518

CVSS v3.1

7.8

High

VectorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3
Description A time-of-check to time-of-use (TOCTOU) race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the chroot setting set to false. A local attacker with write access to a module path can replace a parent directory component with a symbolic link between the time the receiver checks the path and the time it calls the open() function. This allows the attacker to redirect reads and writes outside the intended directories, enabling the disclosure of basis-files or the creation and overwriting of arbitrary files. If the daemon runs with elevated privileges, this can lead to privilege escalation.
Recommendations Update to version 3.4.3 or later. Ensure the chroot setting is set to true to prevent this issue.

Exploit

Fix

LPE

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:26332
ALSA-2026:26408
ALSA-2026:26410
CVE-2026-29518
ECHO-F2D1-E04B-C5E8
JLSEC-2026-626
OPENSUSE-SU-2026:10857-1
OPENSUSE-SU-2026:20877-1
RHSA-2026:26332
RHSA-2026:26408
RHSA-2026:26410
SUSE-SU-2026:2038-1
SUSE-SU-2026:2048-1
SUSE-SU-2026:2083-1
SUSE-SU-2026:21726-1
SUSE-SU-2026:21739-1
SUSE-SU-2026:21980-1
SUSE-SU-2026:22015-1
USN-8283-1
USN-8349-1
USN-8349-2
USN-8349-3

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Rsync