A vulnerability classified as very critical was found in Vinchin Backup & Recovery up to 9.0.0.86562. Affected by this issue is the function
ModuleHandShake of the component Module Handshake. The manipulation of the argument _listen_uuid results in stack-based buffer overflow.
This vulnerability is reported as CVE-2026-60095. The attack can be launched remotely. No exploit exists.