CVE-2026-8784

4.2 MEDIUM
Published: May 18, 2026 Modified: May 18, 2026
View on NVD

Description

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/npitre/cramfs-tools/
Source: cna@vuldb.com
https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f
Source: cna@vuldb.com
https://github.com/npitre/cramfs-tools/issues/13
Source: cna@vuldb.com
https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583
Source: cna@vuldb.com
https://vuldb.com/submit/811897
Source: cna@vuldb.com
https://vuldb.com/vuln/364408
Source: cna@vuldb.com
https://vuldb.com/vuln/364408/cti
Source: cna@vuldb.com

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.2 / 10.0
EPSS (Exploit Probability)
0.2%
5th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-59 CWE-61

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1