What is GHSA-pfv9-gp3h-73xv?

GHSA-pfv9-gp3h-73xv is a security advisory published by GitHub Security Advisories with High severity. Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Which CVE IDs does GHSA-pfv9-gp3h-73xv cover?

GHSA-pfv9-gp3h-73xv covers the following CVE IDs: CVE-2026-29518. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-pfv9-gp3h-73xv?

GHSA-pfv9-gp3h-73xv has a CVSS v3 base score of 7.0, published by GitHub Security Advisories.

GHSA-pfv9-gp3h-73xvHighCVSS 7.0

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-29518 →

📋 Description

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-29518
https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d
https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write
https://github.com/advisories/GHSA-pfv9-gp3h-73xv