CVE-2026-60095
Received Received - Intake

Stack Buffer Overflow in Vinchin Backup & Recovery

Vulnerability report for CVE-2026-60095, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: VulnCheck

Description

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
vinchin backup_and_recovery 9.0.0.86562
vinchin backup_and_recovery to 9.0.0.86562 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-60095 is a stack buffer overflow vulnerability found in Vinchin Backup & Recovery version 9.0.0.86562 and earlier. It exists in the ModuleHandShake function of the agentlink_server service.

The vulnerability occurs because the _listen_uuid field is measured using strlen() and then copied into a fixed-length stack buffer using strcpy() without proper bounds checking. This allows an unauthenticated remote attacker to send a crafted request with an oversized _listen_uuid value, which overwrites the saved return address on the stack.

Exploiting this flaw can cause the process to crash or potentially allow the attacker to hijack the control flow of the program.

Impact Analysis

This vulnerability can impact you by allowing unauthenticated remote attackers to cause a denial of service through process crashes or potentially execute arbitrary code by hijacking the control flow of the affected service.

Such exploitation could lead to system instability, unauthorized control over the backup service, and compromise of the system running Vinchin Backup & Recovery.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-60095 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the stack buffer overflow vulnerability in Vinchin Backup & Recovery (CVE-2026-60095), immediate steps include avoiding exposure of the vulnerable agentlink_server service to untrusted networks, as the vulnerability can be exploited remotely without authentication.

Additionally, monitor for updates or patches from Vinchin and apply them as soon as they become available to fix the buffer overflow issue in the ModuleHandShake function.

Detection Guidance

This vulnerability involves a stack buffer overflow in the ModuleHandShake function of the agentlink_server service in Vinchin Backup & Recovery version 9.0.0.86562 and earlier. Detection would involve identifying if the vulnerable version of the software is running and monitoring for suspicious or malformed network requests targeting the _listen_uuid field.

Since the vulnerability is triggered by sending a crafted request with an oversized _listen_uuid field, network detection could include monitoring for unusually large or malformed _listen_uuid values in traffic to the agentlink_server service.

Specific commands to detect the presence of the vulnerable software version on a system could include:

  • On Linux systems, check the installed version of Vinchin Backup & Recovery using package management commands or by querying the service directly, for example: `rpm -qa | grep vinchin` or `dpkg -l | grep vinchin`.
  • Use network scanning tools like Nmap to detect the agentlink_server service and its version, e.g., `nmap -sV -p <agentlink_server_port> <target_ip>`.
  • Monitor network traffic for oversized _listen_uuid fields using packet capture tools such as tcpdump or Wireshark, filtering for traffic to the agentlink_server port and inspecting the _listen_uuid field length.

Note that no specific detection scripts or commands for the crafted request are provided in the available resources.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60095. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart