PT-2026-41632 · Unknown · Cramfs-Tools

Nich0Las · Published 2026-05-18 · Updated 2026-05-18 · CVE-2026-8784

CVSS v3.1: 4.2 Medium
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
npitre cramfs-tools versions prior to 2.3

Description
A local issue exists in the change_file_status() function in the cramfsck.c file. Manipulating this function allows symlink following, which occurs when a program follows a symbolic link to its target file, potentially allowing access to unauthorized files.

Recommendations
Apply the patch b4a3a695c9873f824907bd15659f2a6ac7667b4f to resolve the issue. As a temporary workaround, restrict access to the change_file_status() function in cramfsck.c to minimize the risk of exploitation.
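
A defensive pattern for the symlink-following class described above, shown as an added example: it is not the referenced patch and not cramfs-tools code. The helper name set_status_nofollow, the file names "entry" and "victim", and the temporary directory are assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not cramfsck's code: set mode and epoch timestamps on
 * the entry `name` inside `dirfd`, refusing to act through a symlink. */
int set_status_nofollow(int dirfd, const char *name, mode_t mode)
{
    const struct timespec epoch[2] = { { 0, 0 }, { 0, 0 } };
    struct stat st;
    /* O_NOFOLLOW: the open fails with ELOOP if `name` is a symlink.
     * O_NONBLOCK: do not hang if `name` turns out to be a FIFO. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Work on the descriptor so the path cannot be swapped between calls. */
    int rc = fstat(fd, &st);
    if (rc == 0 && !S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) { errno = EINVAL; rc = -1; }
    if (rc == 0) rc = fchmod(fd, mode & 07777);
    if (rc == 0) rc = futimens(fd, epoch);
    int saved = errno;          /* keep the first error, not close()'s */
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed scenario: "entry" is a symlink sitting where an extracted file
 * is expected; "victim" stands in for the file it points at.
 * Returns 0 when the symlink is refused and the victim keeps mode 0600. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-XXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    int vfd = openat(dfd, "victim", O_CREAT | O_WRONLY, 0600);
    if (dfd < 0 || vfd < 0 || fchmod(vfd, 0600) || symlinkat("victim", dfd, "entry")) return -1;
    int refused = set_status_nofollow(dfd, "entry", 0777) == -1 && errno == ELOOP;
    int intact = fstat(vfd, &st) == 0 && (st.st_mode & 07777) == 0600;
    int applied = set_status_nofollow(dfd, "victim", 0644) == 0 &&
        fstat(vfd, &st) == 0 && (st.st_mode & 07777) == 0644 && st.st_mtime == 0;
    unlinkat(dfd, "entry", 0); unlinkat(dfd, "victim", 0); rmdir(dir);
    close(vfd); close(dfd);
    return (refused && intact && applied) ? 0 : 1;
}

int main(void) { return demo(); }
```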

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers: CVE-2026-8784

Affected Products: Cramfs-Tools