You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026-29518
About this tag
CVE-2026-29518 is a high-severity rsync vulnerability disclosed on May 20, 2026, affecting versions before 3.4.3. The flaw involves a symlink race condition in daemon mode when running without chroot protection, allowing an attacker to write files outside the intended module path. While not a widespread threat, it highlights risks in infrastructure relying on rsync, including backup systems, NAS devices, WSL, CI pipelines, and appliances. Windows administrators should inventory any Unix-based file-moving tools in their environments and apply the rsync 3.4.3 update to mitigate exposure.
CVE-2026-29518 is a high-severity rsync vulnerability disclosed on May 20, 2026, affecting versions before 3.4.3, in which a daemon running without chroot protection can be raced into following attacker-controlled symlinks and writing files outside the intended module path. It is not the sort of...