CyberRota
← Ana sayfaya dön

CVE-2026-60095

MEDIUM · CVSS 6.5

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-09T14:16:35.390 · Çekilme zamanı: 2026-07-09T18:19:49.915308+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

CVE
CVE-2026-60095
Severity
MEDIUM
CVSS
6.5
EPSS
Yok

Orijinal NVD Açıklaması

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.