JLSEC-2026-626

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-626.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-626.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-626
Upstream
  • CVE-2026-29518
  • EUVD-2026-31100
  • GHSA-pfv9-gp3h-73xv
Published
2026-06-25T17:41:14.392Z
Modified
2026-07-02T05:46:46.999966406Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...
Details

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-29518",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29518",
            "database_specific": {
                "status": "Modified"
            },
            "published": "2026-05-20T13:16:17.040Z",
            "imported": "2026-06-25T17:27:23.390Z",
            "id": "CVE-2026-29518",
            "modified": "2026-06-17T10:29:48.210Z"
        },
        {
            "url": "https://api.github.com/advisories/GHSA-pfv9-gp3h-73xv",
            "html_url": "https://github.com/advisories/GHSA-pfv9-gp3h-73xv",
            "published": "2026-05-20T15:35:30Z",
            "imported": "2026-06-25T17:27:27.214Z",
            "id": "GHSA-pfv9-gp3h-73xv",
            "modified": "2026-05-26T18:31:40Z"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-31100",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31100",
            "published": "2026-05-20T12:48:07Z",
            "imported": "2026-06-25T17:27:24.641Z",
            "id": "EUVD-2026-31100",
            "modified": "2026-05-26T14:40:30Z"
        }
    ],
    "license": "CC-BY-4.0"
}

Affected packages

Julia / rsync_jll

Package

Name
rsync_jll
Purl
pkg:julia/rsync_jll?uuid=191d6b87-264a-55f5-a0e2-c8fbce9a1ce0

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.4+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-626.json"