CVE-2026-8784 - Vulnerability Details

- npitre cramfs-tools cramfsck.c change_file_status symlink

Description

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.

Published: 2026-05-18

Score: 4.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw lies in the change_file_status function of cramfsck.c, which can be engineered by a local attacker to follow a symlink and access or overwrite files outside the expected directory structure. This attack enables the attacker to read or modify unintended files, compromising data integrity and confidentiality, but it does not provide remote code execution or privilege escalation.

Affected Systems

The vulnerability affects npitre cramfs-tools releases up to and including version 2.2. Any build within that range that contains the described function is potentially vulnerable; no further version granularity is provided in the CNA data.

Risk and Exploitability

With a CVSS score of 4.6 the issue is of moderate severity. The EPSS value is unavailable, so the likelihood of exploitation is unknown, and the vulnerability is not listed in CISA KEV. Exploitation requires local access and the ability to run the program with sufficient rights to alter the target filesystem. If exploited, it may lead to unauthorized file reads or writes, but the attacker cannot gain code execution or elevate privileges.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

npitre

cramfs-tools

affected

Version	Status	Constraints
`2.0`	affected	—
`2.1`	affected	—
`2.2`	affected	—

No data.

Vendor Product Confidence Versions

Npitre

Cramfs-tools

100%

Version	Status	Scheme	Platform
`2.0`	affected	generic	—
`2.1`	affected	generic	—
`2.2`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade cramfs-tools to the patched version using commit b4a3a695c9873f824907bd15659f2a6ac7667b4f or any later release that contains the fix.
If an immediate upgrade is not possible, limit execution of cramfsck or other cramfs-tools utilities to trusted administrators and avoid running them on untrusted or externally mounted filesystems.
Audit any services or scripts that invoke cramfsck to ensure they run with the least privilege necessary and are not exposed to arbitrary input from insecure sources.

Generated by OpenCVE AI on May 18, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/npitre/cramfs-tools/
https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f
https://github.com/npitre/cramfs-tools/issues/13
https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583
https://vuldb.com/submit/811897
https://vuldb.com/vuln/364408
https://vuldb.com/vuln/364408/cti

History

Mon, 18 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 18 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
Title		npitre cramfs-tools cramfsck.c change_file_status symlink
First Time appeared		Npitre Npitre cramfs-tools
Weaknesses		CWE-59 CWE-61
CPEs		cpe:2.3:a:npitre:cramfs-tools::::::::
Vendors & Products		Npitre Npitre cramfs-tools
References		https://github.com/npitre/cramfs-tools/ https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f https://github.com/npitre/cramfs-tools/issues/13 https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583 https://vuldb.com/submit/811897 https://vuldb.com/vuln/364408 https://vuldb.com/vuln/364408/cti
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:L/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 4.2, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Npitre Cramfs-tools

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-18T02:30:13.275Z

Updated: 2026-05-18T12:24:18.988Z

Reserved: 2026-05-17T09:59:14.863Z

Link: CVE-2026-8784

Vulnrichment

Updated: 2026-05-18T12:24:15.256Z

NVD

Status : Deferred

Published: 2026-05-18T04:16:34.247

Modified: 2026-05-18T19:22:47.003

Link: CVE-2026-8784

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T05:00:13Z

Weaknesses

CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-61
UNIX Symbolic Link (Symlink) Following

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object