Lucene search
K

Linux Distros Unpatched Vulnerability : CVE-2026-43620

šŸ—“ļøĀ 20 May 2026Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessus
šŸ”—Ā www.tenable.comšŸ‘Ā 7Ā Views

Unpatched rsync up to 3.4.2 vulnerable to receiver-side out-of-bounds read causing crash with crafted file list (CVE-2026-43620).

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-43620
20 May 202600:47
–attackerkb
AlpineLinux
CVE-2026-43620
20 May 202600:47
–alpinelinux
CBLMariner
CVE-2026-43620 affecting package rsync for versions less than 3.4.3-1
23 May 202615:30
–cbl_mariner
Circl
CVE-2026-43620
20 May 202602:56
–circl
CNNVD
Rsync ē¼“å†²åŒŗé”™čÆÆę¼ę“ž
20 May 202600:00
–cnnvd
CVE
CVE-2026-43620
20 May 202600:47
–cve
Cvelist
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
20 May 202600:47
–cvelist
Debian
[SECURITY] [DLA 4591-1] rsync security update
20 May 202614:39
–debian
Debian
[SECURITY] [DSA 6282-1] rsync security update
20 May 202613:26
–debian
Debian CVE
CVE-2026-43620
20 May 202600:47
–debiancve
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(315595);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/12");

  script_cve_id("CVE-2026-43620");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-43620");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in
    recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process.
    Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a
    specially crafted file list where the first sorted entry is not the leading dot directory, followed by a
    transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes
    before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in
    a deterministic SIGSEGV crash of the rsync client. (CVE-2026-43620)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2026-43620");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-43620");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rsync");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rsync-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rsync-rrsync");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsync");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsync-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsync-rrsync");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/CentOS Linux-8", "Host/OS/Red Hat Enterprise Linux-10", "Host/OS/Red Hat Enterprise Linux-6", "Host/OS/Red Hat Enterprise Linux-7", "Host/OS/Red Hat Enterprise Linux-8", "Host/OS/Red Hat Enterprise Linux-9");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-10": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "10",
        "pkgs": [
          {"reference": "rsync"},
          {"reference": "rsync-daemon"},
          {"reference": "rsync-rrsync"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-9": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "9",
        "pkgs": [
          {"reference": "rsync"},
          {"reference": "rsync-daemon"},
          {"reference": "rsync-rrsync"}
        ]
      }
    ]
  },
  "CentOS Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "rsync"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-6": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "6",
        "pkgs": [
          {"reference": "rsync"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "rsync"}
        ]
      }
    ]
  },
  "CentOS Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "rsync"},
          {"reference": "rsync-daemon"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "rsync"},
          {"reference": "rsync-daemon"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Jun 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.15.5 - 6.5
CVSS 46.9
EPSS0.00503
SSVC
7