CVE-2026-43619
Symlink Race Condition in Rsync
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rsync | rsync | to 3.4.3 (exc) |
| rsync | rsync | From 3.4.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-43619 is a symlink race condition vulnerability found in rsync versions 3.4.2 and earlier. It affects various path-based system calls such as chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. The vulnerability allows a local attacker with filesystem access to exploit a timing window between path resolution and the execution of these system calls. By swapping symbolic links during this window, the attacker can redirect operations to files outside the intended rsync module, potentially modifying permissions, ownership, timestamps, or filenames on arbitrary files. This issue occurs specifically when rsync daemons are configured with 'use chroot = no'. The root cause involves time-of-check to time-of-use (TOCTOU) race conditions and improper link resolution.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized modification of files outside the intended rsync module boundary. An attacker with local filesystem access can change file permissions, ownership, timestamps, or filenames on arbitrary files by exploiting the race condition. This can result in high confidentiality and integrity loss, as sensitive files might be altered or exposed without authorization. However, there is no direct impact on system availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a symlink race condition in rsync versions prior to 3.4.3 affecting various path-based system calls. Detection involves checking if your system is running a vulnerable rsync version and if the rsync daemon is configured with 'use chroot = no'.
To detect the vulnerability on your system, first verify the rsync version by running the command:
- rsync --version
If the version is 3.4.2 or earlier, your system is vulnerable. Next, check the rsync daemon configuration file (commonly /etc/rsyncd.conf) for the 'use chroot' setting:
- grep '^use chroot' /etc/rsyncd.conf
If 'use chroot' is set to 'no', the system is susceptible to this vulnerability.
Additionally, monitoring for suspicious symlink activity or unexpected changes in file permissions, ownership, or timestamps outside the intended rsync module boundaries may help detect exploitation attempts, though no specific detection commands are provided.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, the primary step is to upgrade rsync to version 3.4.3 or later, where the issue has been patched.
If upgrading immediately is not possible, ensure that the rsync daemon is configured with the default setting 'use chroot = yes', which prevents the vulnerability by restricting file operations within a chroot jail.
Limiting local filesystem access to trusted users can also reduce the risk, as exploitation requires local attacker access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-43619 allows local attackers to modify permissions, ownership, timestamps, or filenames on arbitrary files outside the intended rsync module boundary. This can lead to unauthorized access or modification of sensitive data.
Such unauthorized modifications and potential data integrity and confidentiality breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over data access and integrity.
However, the provided information does not explicitly mention compliance impacts or regulatory considerations.