Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7w3c-s3ph-v7fk
Vulnerability ID VCID-7w3c-s3ph-v7fk
Aliases CVE-2026-45232
Summary rsync: Rsync: Denial of Service via malformed HTTP proxy response
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-193 Off-by-one Error
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2026-45232
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2026-45232
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2026-45232
cvssv3.1 4.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.1 https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
cvssv4 2.1 https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
ssvc Track https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
cvssv3.1 3.1 https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
cvssv4 2.1 https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
ssvc Track https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
cvssv3.1 3.1 https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
cvssv4 2.1 https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
ssvc Track https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json
https://api.first.org/data/v1/epss?cve=CVE-2026-45232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45232
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2480057 https://bugzilla.redhat.com/show_bug.cgi?id=2480057
GHSA-8f85-j2cv-59m8 https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
rsync-off-by-one-stack-write-via-http-proxy https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
USN-8283-1 https://usn.ubuntu.com/8283-1/
USN-8349-1 https://usn.ubuntu.com/8349-1/
v3.4.3 https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/ Found at https://github.com/RsyncProject/rsync/releases/tag/v3.4.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/ Found at https://github.com/RsyncProject/rsync/security/advisories/GHSA-8f85-j2cv-59m8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:30:10Z/ Found at https://www.vulncheck.com/advisories/rsync-off-by-one-stack-write-via-http-proxy
Exploit Prediction Scoring System (EPSS)
Percentile 0.13402
EPSS Score 0.00043
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:28:26.602123+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45232.json 38.6.0