What is GHSA-4j4q-473w-9q2r?

GHSA-4j4q-473w-9q2r is a security advisory published by GitHub Security Advisories with Medium severity. Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...

Which CVE IDs does GHSA-4j4q-473w-9q2r cover?

GHSA-4j4q-473w-9q2r covers the following CVE IDs: CVE-2026-43617. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4j4q-473w-9q2r?

GHSA-4j4q-473w-9q2r has a CVSS v3 base score of 4.8, published by GitHub Security Advisories.

GHSA-4j4q-473w-9q2rMediumCVSS 4.8

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-43617 →

📋 Description

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.

🔗 References (5)

https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f
https://nvd.nist.gov/vuln/detail/CVE-2026-43617
https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution
https://github.com/advisories/GHSA-4j4q-473w-9q2r