Skip to main content

Vinchin Backup & Recovery EUVDEUVD-2026-42588

| CVE-2026-60095 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-07-09 VulnCheck GHSA-34r7-v6pv-xq6v
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

AV:N and PR:N confirmed by description; AC:H reflects that reliable RCE via return-address overwrite requires bypassing modern OS memory protections such as ASLR and stack canaries.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 13:51 vuln.today

DescriptionCVE.org

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication.

AnalysisAI

Stack buffer overflow in Vinchin Backup & Recovery through 9.0.0.86562 exposes the agentlink_server service to unauthenticated remote exploitation via the ModuleHandShake function. An attacker supplying an oversized _listen_uuid value triggers unsafe strcpy() into a fixed-length stack buffer, overwriting the saved return address and enabling process crash or control flow hijack. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Connect to agentlink_server network port
Delivery
Initiate ModuleHandShake request
Exploit
Supply oversized _listen_uuid field
Install
strcpy() overflows fixed stack buffer
C2
Saved return address overwritten
Execute
Control flow hijacked on function return
Impact
Arbitrary code execution as service process

Vulnerability AssessmentAI

Exploitation The agentlink_server service must be network-reachable from the attacker - no authentication is required and no special client configuration is needed beyond establishing a connection and initiating the ModuleHandShake exchange. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) reflects a worst-case attack surface: network-reachable, no complexity, no prerequisites, no authentication, no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted TCP request to the agentlink_server service with an oversized _listen_uuid value during the ModuleHandShake phase. The strcpy() call copies the malicious field into the fixed stack buffer without bounds checking, overwriting the saved return address. …
Remediation No vendor-released patch with a confirmed fixed version number has been identified from the available references at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42588 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy