Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 18 May 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue. | |
| Title | npitre cramfs-tools cramfsck.c change_file_status symlink | |
| First Time appeared |
Npitre
Npitre cramfs-tools |
|
| Weaknesses | CWE-59 CWE-61 |
|
| CPEs | cpe:2.3:a:npitre:cramfs-tools:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Npitre
Npitre cramfs-tools |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-05-18T12:24:18.988Z
Reserved: 2026-05-17T09:59:14.863Z
Link: CVE-2026-8784
Updated: 2026-05-18T12:24:15.256Z
Status : Deferred
Published: 2026-05-18T04:16:34.247
Modified: 2026-06-17T11:04:27.940
Link: CVE-2026-8784
No data.
OpenCVE Enrichment
Updated: 2026-05-18T05:00:13Z