A vulnerability classified as very critical has been found in Vinchin Backup & Recovery up to 9.0.0.86562. Affected by this vulnerability is the function recv of the component TCP Packet Handler. The manipulation of the argument body_len leads to heap-based buffer overflow.

This vulnerability is documented as CVE-2026-60094. The attack can be initiated remotely. There is not any exploit available.