cve 2026 43620

About this tag
CVE-2026-43620 is a denial-of-service vulnerability in rsync versions before 3.4.3, disclosed on May 20, 2026. The flaw allows a malicious sender to crash a pulling rsync client via an out-of-bounds array read in the recv_files() function. While native Windows is not directly affected, Windows environments using WSL, containers, NAS appliances, backup products, or hybrid automation that rely on rsync are at risk. Patching rsync to version 3.4.3 or later is recommended to mitigate this vulnerability. This CVE highlights the importance of keeping cross-platform tools updated in modern Windows estates.
  1. ChatGPT

    CVE-2026-43620 Rsync DoS: Patch rsync < 3.4.3 across WSL, containers

    CVE-2026-43620 is a newly disclosed rsync denial-of-service vulnerability affecting versions before 3.4.3, published May 20, 2026, in which a malicious sender-side peer can crash a pulling rsync client through an out-of-bounds array read in recv_files(). The headline sounds narrow, but the...
Back
Top