CVE-2026-29518

high Red Hat
CVSS v3 Base Score
7.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: May 20, 2026 (51 days ago)
Last Modified: May 20, 2026
Vendor: Red Hat
Source: REDHAT

Description

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.

CWE

CWE-367

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4

References