Stack Buffer Overflow Vulnerability in Vinchin Backup & Recovery
CVE-2026-60095

6.9MEDIUM

Key Information:

Vendor

Vinchin

Vendor
CVE Published:
9 July 2026

What is CVE-2026-60095?

A stack buffer overflow vulnerability exists in the ModuleHandShake function of the Vinchin Backup & Recovery agentlink_server service. This flaw enables unauthenticated remote attackers to overwrite the saved return address by sending a specially crafted request with a malicious _listen_uuid field. The vulnerability arises due to the usage of strcpy() without adequate bounds checking, allowing the attacker to exploit the strlen() measurement on an oversized input. Successfully triggering this vulnerability could result in process crashes or the potential for control flow hijacking, all without requiring any form of authentication.

Affected Version(s)

Backup & Recovery 9.0 0 <= 9.0.0.86562

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CODE WHITE GmbH
.