Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-56vk-3vsy-nkef
Vulnerability ID VCID-56vk-3vsy-nkef
Aliases CVE-2007-6199
Summary rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.06572 https://api.first.org/data/v1/epss?cve=CVE-2007-6199
epss 0.06572 https://api.first.org/data/v1/epss?cve=CVE-2007-6199
epss 0.06572 https://api.first.org/data/v1/epss?cve=CVE-2007-6199
epss 0.06572 https://api.first.org/data/v1/epss?cve=CVE-2007-6199
epss 0.06572 https://api.first.org/data/v1/epss?cve=CVE-2007-6199
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6199.json
https://api.first.org/data/v1/epss?cve=CVE-2007-6199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199
407161 https://bugzilla.redhat.com/show_bug.cgi?id=407161
453652 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.91315
EPSS Score 0.06572
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:03.048719+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0