CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/RsyncProject/rsync/releases/tag/v3.4.3	Release Notes
https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f	Vendor Advisory
https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*

History

21 May 2026, 20:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:samba:rsync::::::::
References	~~() https://github.com/RsyncProject/rsync/releases/tag/v3.4.3 -~~	() https://github.com/RsyncProject/rsync/releases/tag/v3.4.3 - Release Notes
References	~~() https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f -~~	() https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution -~~	() https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution - Third Party Advisory
First Time		Samba Samba rsync

20 May 2026, 02:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-20 02:16

Updated : 2026-05-21 20:54

NVD link : CVE-2026-43617

Mitre link : CVE-2026-43617

CVE.ORG link : CVE-2026-43617

JSON object : View

Products Affected

samba

rsync

CWE

CWE-289

Authentication Bypass by Alternate Name

{"id": "CVE-2026-43617", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-05-20T02:16:36.233", "references": [{"url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.3", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f", "tags": ["Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-289"}]}], "descriptions": [{"lang": "en", "value": "Rsync version\u00a03.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN."}], "lastModified": "2026-05-21T20:54:29.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC81F4B6-4EC5-433C-9709-E4B9E340C65A", "versionEndIncluding": "3.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}