Multiple rsync Vulnerabilities Affect Ubuntu 22.04, 24.04, 25.10, and 26.04 LTS

Multiple rsync Vulnerabilities Affect Ubuntu 22.04, 24.04, 25.10, and 26.04 LTS

First seen 21 May 2026, 03:26 UTC UbuntuLinuxsecuritylaunchpad.net 92% similarity 74.0

Article Content

Browse articles
ThreatCluster

Several vulnerabilities were identified in the rsync tool affecting multiple Ubuntu LTS versions. CVE-2025-10158 allows remote attackers to cause a denial of service through a heap-based out-of-bounds read. CVE-2026-29518 exposes rsync daemons without chroot protection to race conditions, enabling local attackers to overwrite files or escalate privileges. Additional vulnerabilities (CVE-2026-41035, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-45232) were also discovered, some allowing denial of service or information disclosure. Affected systems include Ubuntu 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. Users are advised to update their systems to mitigate these risks.

Key Points: • rsync vulnerabilities affect Ubuntu 22.04, 24.04, 25.10, and 26.04 LTS. • CVE-2025-10158 and CVE-2026-29518 pose significant risks including denial of service and privilege escalation. • Immediate updates are necessary to secure affected systems against these vulnerabilities.

ThreatCluster AI

Timeline

2025-11-18
CVE-2025-10158 published
Heap-based out-of-bounds read vulnerability in rsync allows remote denial of service.
Ubuntu
2026-04-16
CVE-2026-41035 published
Vulnerability discovered in rsync related to improper validation of length values.
Ubuntu
2026-05-20
Multiple CVEs published
CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, and CVE-2026-45232 disclosed, affecting rsync.
Linuxsecurity
2026-05-20
CVE-2026-43620 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-20
CVE-2026-43617 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-20
CVE-2026-45232 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-20
CVE-2026-43618 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-20
CVE-2026-29518 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-20
CVE-2026-43619 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE

Community

Browse all →