PT-2026-56802 · Vinchin · Vinchin Backup & Recovery
Published
2026-07-09
·
Updated
2026-07-09
·
CVE-2026-60095
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Vinchin Backup & Recovery versions prior to 9.0.0.86563
Description
A stack buffer overflow exists in the
ModuleHandShake() function of the agentlink server service. An unauthenticated remote attacker can exploit this by providing an oversized listen uuid field. The system measures this field using strlen() and copies it into a fixed-length stack buffer via strcpy() without performing bounds checking. This can lead to the overwriting of the saved return address, resulting in a process crash or potential control flow hijack.Recommendations
Update to a version newer than 9.0.0.86562.
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vinchin Backup & Recovery