CVE-2026-60095 in Backup & RecoveryИнформация

Сводка

по MITRE • 09.07.2026

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

VulnCheck

Резервировать

08.07.2026

Раскрытие

09.07.2026

Модерация

принято

Вход

VDB-377203

EPSS

0.00000

KEV

Нет

Деятельности

Низкий

Источники

Do you know our Splunk app?

Download it now for free!