Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked body_len field to the agentlink_server service. Attackers can craft a malicious packet that passes an attacker-controlled length directly to recv(), triggering a heap overflow of up to approximately 4 GiB and resulting in process crash or potential memory corruption.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked body_len field to the agentlink_server service. Attackers can craft a malicious packet that passes an attacker-controlled length directly to recv(), triggering a heap overflow of up to approximately 4 GiB and resulting in process crash or potential memory corruption. | |
| Title | Vinchin Backup & Recovery 9.0.0.86562 Heap Buffer Overflow via agentlink_server | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-09T13:25:32.439Z
Reserved: 2026-07-08T13:27:53.029Z
Link: CVE-2026-60094
No data.
No data.
No data.
OpenCVE Enrichment
No data.