PT-2026-56801 · Vinchin · Vinchin Backup & Recovery

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-60094

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Vinchin Backup & Recovery versions prior to 9.0.0.86563
Description A heap buffer overflow occurs when the agentlink server service processes a malformed TCP packet. An unauthenticated remote attacker can send a packet with an unchecked body len field, which is passed directly to the recv() function. This can trigger a heap overflow of approximately 4 GiB, leading to memory corruption or a process crash. A heap buffer overflow is a condition where a program writes more data to a heap-allocated memory block than it can hold.
Recommendations Update Vinchin Backup & Recovery to a version newer than 9.0.0.86562.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-60094

Affected Products

Vinchin Backup & Recovery