Description
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
Published: 2026-05-18
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
Title npitre cramfs-tools cramfsck.c change_file_status symlink
First Time appeared Npitre
Npitre cramfs-tools
Weaknesses CWE-59
CWE-61
CPEs cpe:2.3:a:npitre:cramfs-tools:*:*:*:*:*:*:*:*
Vendors & Products Npitre
Npitre cramfs-tools
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:L/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.2, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Npitre Cramfs-tools
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-18T12:24:18.988Z

Reserved: 2026-05-17T09:59:14.863Z

Link: CVE-2026-8784

cve-icon Vulnrichment

Updated: 2026-05-18T12:24:15.256Z

cve-icon NVD

Status : Deferred

Published: 2026-05-18T04:16:34.247

Modified: 2026-06-17T11:04:27.940

Link: CVE-2026-8784

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T05:00:13Z

Weaknesses