JLSEC-2026-628

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-628.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-628.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-628
Upstream
  • EUVD-2026-31013
  • GHSA-4j4q-473w-9q2r
Published
2026-06-25T17:41:14.392Z
Modified
2026-06-25T17:49:19.722693577Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...
Details

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43617",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-43617",
            "id": "CVE-2026-43617",
            "modified": "2026-06-17T10:49:55.047Z",
            "published": "2026-05-20T02:16:36.233Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-06-25T17:27:23.303Z"
        },
        {
            "html_url": "https://github.com/advisories/GHSA-4j4q-473w-9q2r",
            "url": "https://api.github.com/advisories/GHSA-4j4q-473w-9q2r",
            "id": "GHSA-4j4q-473w-9q2r",
            "modified": "2026-05-20T03:31:41Z",
            "published": "2026-05-20T03:31:33Z",
            "imported": "2026-06-25T17:27:26.319Z"
        },
        {
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31013",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-31013",
            "id": "EUVD-2026-31013",
            "modified": "2026-05-20T15:45:40Z",
            "published": "2026-05-20T00:52:38Z",
            "imported": "2026-06-25T17:27:24.675Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / rsync_jll

Package

Name
rsync_jll
Purl
pkg:julia/rsync_jll?uuid=191d6b87-264a-55f5-a0e2-c8fbce9a1ce0

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.4+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-628.json"