PT-2026-56802 · Vinchin · Vinchin Backup & Recovery

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-60095

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Vinchin Backup & Recovery versions prior to 9.0.0.86563
Description A stack buffer overflow exists in the ModuleHandShake() function of the agentlink server service. An unauthenticated remote attacker can exploit this by providing an oversized listen uuid field. The system measures this field using strlen() and copies it into a fixed-length stack buffer via strcpy() without performing bounds checking. This can lead to the overwriting of the saved return address, resulting in a process crash or potential control flow hijack.
Recommendations Update to a version newer than 9.0.0.86562.

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-60095

Affected Products

Vinchin Backup & Recovery