UBUNTU-CVE-2026-29518

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-29518
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-29518
Upstream
Downstream
Related
Published
2026-05-20T00:00:00Z
Modified
2026-06-01T11:44:04.371728656Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
  • Ubuntu - high
Summary
[none]
Details

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.

References

Affected packages

Ubuntu:22.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.7-0ubuntu0.22.04.6

Affected versions

3.*
3.2.3-4ubuntu1
3.2.3-4ubuntu2
3.2.3-8ubuntu1
3.2.3-8ubuntu2
3.2.3-8ubuntu3
3.2.3-8ubuntu3.1
3.2.7-0ubuntu0.22.04.2
3.2.7-0ubuntu0.22.04.3
3.2.7-0ubuntu0.22.04.4

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.2.7-0ubuntu0.22.04.6"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:24.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.7-1ubuntu1.4

Affected versions

3.*
3.2.7-1
3.2.7-1build1
3.2.7-1build2
3.2.7-1ubuntu1
3.2.7-1ubuntu1.1
3.2.7-1ubuntu1.2

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.2.7-1ubuntu1.4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:25.10
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1+ds1-5ubuntu1.2

Affected versions

3.*
3.4.1+ds1-3
3.4.1+ds1-4
3.4.1+ds1-5
3.4.1+ds1-5ubuntu1

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.4.1+ds1-5ubuntu1.2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:26.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1+ds1-7ubuntu0.2

Affected versions

3.*
3.4.1+ds1-5ubuntu1
3.4.1+ds1-6
3.4.1+ds1-7

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.4.1+ds1-7ubuntu0.2",
            "binary_name": "rsync"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:Pro:14.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0-2ubuntu0.4+esm3

Affected versions

3.*
3.0.9-4ubuntu1
3.1.0-2
3.1.0-2ubuntu0.1
3.1.0-2ubuntu0.2
3.1.0-2ubuntu0.3
3.1.0-2ubuntu0.4
3.1.0-2ubuntu0.4+esm1
3.1.0-2ubuntu0.4+esm2

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.0-2ubuntu0.4+esm3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:Pro:16.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra-legacy%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.1-3ubuntu1.3+esm5

Affected versions

3.*
3.1.1-3
3.1.1-3ubuntu1
3.1.1-3ubuntu1.1
3.1.1-3ubuntu1.2
3.1.1-3ubuntu1.3
3.1.1-3ubuntu1.3+esm1
3.1.1-3ubuntu1.3+esm2
3.1.1-3ubuntu1.3+esm3
3.1.1-3ubuntu1.3+esm4

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.1-3ubuntu1.3+esm5",
            "binary_name": "rsync"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:Pro:18.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-2.1ubuntu1.6+esm3

Affected versions

3.*
3.1.2-2
3.1.2-2.1
3.1.2-2.1ubuntu1
3.1.2-2.1ubuntu1.1
3.1.2-2.1ubuntu1.2
3.1.2-2.1ubuntu1.3
3.1.2-2.1ubuntu1.4
3.1.2-2.1ubuntu1.5
3.1.2-2.1ubuntu1.6
3.1.2-2.1ubuntu1.6+esm1
3.1.2-2.1ubuntu1.6+esm2

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.2-2.1ubuntu1.6+esm3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"
Ubuntu:Pro:20.04:LTS
rsync

Package

Name
rsync
Purl
pkg:deb/ubuntu/rsync?arch=source&distro=esm-infra%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.3-8ubuntu0.9+esm1

Affected versions

3.*
3.1.3-6
3.1.3-8
3.1.3-8ubuntu0.1
3.1.3-8ubuntu0.2
3.1.3-8ubuntu0.3
3.1.3-8ubuntu0.4
3.1.3-8ubuntu0.5
3.1.3-8ubuntu0.7
3.1.3-8ubuntu0.8
3.1.3-8ubuntu0.9

Ecosystem specific 

{
    "priority_reason": "rsync developers have rated this as being a high severity issue",
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.3-8ubuntu0.9+esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29518.json"