Stack Buffer Overflow Vulnerability in Vinchin Backup & Recovery
CVE-2026-60095
6.9MEDIUM
What is CVE-2026-60095?
A stack buffer overflow vulnerability exists in the ModuleHandShake function of the Vinchin Backup & Recovery agentlink_server service. This flaw enables unauthenticated remote attackers to overwrite the saved return address by sending a specially crafted request with a malicious _listen_uuid field. The vulnerability arises due to the usage of strcpy() without adequate bounds checking, allowing the attacker to exploit the strlen() measurement on an oversized input. Successfully triggering this vulnerability could result in process crashes or the potential for control flow hijacking, all without requiring any form of authentication.
Affected Version(s)
Backup & Recovery 9.0 0 <= 9.0.0.86562
