EUVD-2026-36056

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

CVE-2026-48855

CVE-2026-48855 concerns Erlang OTP SSH, specifically the ssh_sftpd.erl component of the SFTP server. The issue: the SSH_FXP_READLINK handler returns the raw result of file:read_link/2 without applying chroot_filename/2, allowing an authenticated SFTP client to create a symlink inside the chroot t...

PT-2026-48463

Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh ssh sftpd module allows File Discovery. The SSH FXP READLINK handler in ssh sftpd sends the raw result of file:read link/2 to the client without calling chroot filename/2 to strip the backend root...

CVE-2026-48827

A flaw was found in Apache MINA SSHD bundle sshd-git. This path traversal vulnerability allows authenticated users to access Git repositories located outside the intended server root directory. The lack of proper path validation during Git operations, such as git-upload-pack and git-receive-pack,...

USN-8349-2 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

USN-8349-2: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

USN-8349-1 rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

USN-8349-1: rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

rsync: Fix of 2 CVEs

CVE-2026-43618: fix integer overflow in compressed-token decoding that could leak rsync process memory contents over the wire - CVE-2026-29518: fix TOCTOU race on parent path components in non-chroot daemon by routing receiver/sender opens, chmod, and chdir through per- component ONOFOLLOW secure...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

CLSA-2026-1779694887 rsync: Fix of CVE-2026-29518

CVE-2026-29518: fix daemon-no-chroot TOCTOU symlink race by tracking per-module chroot in amchrooted, routing sender read-path, receiver basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp...

CLSA-2026-1779694727 Fix CVE(s): CVE-2026-29518

SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...

CLSA-2026-1779694460 Fix CVE(s): CVE-2026-29518

SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...

Linux Distros Unpatched Vulnerability : CVE-2026-44933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If...

CVE-2026-29518

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists ACLs, and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

CVE-2026-43619

A flaw was found in rsync. A local attacker with filesystem access on the daemon host can exploit a symlink race vulnerability CWE-367 Time-of-check to time-of-use in rsync daemons configured with 'use chroot = no'. This allows the attacker to redirect path-based system calls, such as chmod,...

SUSE CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...