Search
Search is not available in local development.
Run npx pagefind --site __site after building to enable it.
JLSEC-2026-628 CVSS_V4

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...

JLSEC Published
Modified
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Packages
rsync_jll < 3.4.4+0
Aliases / Upstream
CVE-2026-43617 GHSA-4j4q-473w-9q2r EUVD-2026-31013

Rsync versionĀ 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.

References