CVE-2026-40706
published 2026-04-21CVE-2026-40706: In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory…
PriorityP345high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
0.17%
6.1th percentile
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tuxera | ntfs-3g | >= 2022.10.3 < 2026.2.25 | 2026.2.25 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [epel-all]
bugzilla·2026-04-25·CVSS 8.4
CVE-2026-40706 [HIGH] CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [epel-all]
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [fedora-all]
bugzilla·2026-04-25·CVSS 8.4
CVE-2026-40706 [HIGH] CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [fedora-all]
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image
bugzilla·2026-04-21·CVSS 8.4
CVE-2026-40706 [HIGH] CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image
CVE-2026-40706 ntfs-3g: NTFS-3G: Arbitrary code execution via crafted NTFS image
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
https://github.com/tuxera/ntfs-3g/blob/d3ace19838ce37cfde55294e76841e6d2f393f9e/libntfs-3g/acls.c#L4011-L4027https://github.com/tuxera/ntfs-3g/releases/tag/2026.2.25https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-4cwv-5285-63v9https://www.openwall.com/lists/oss-security/2026/04/21/4http://www.openwall.com/lists/oss-security/2026/04/21/4https://lists.debian.org/debian-lts-announce/2026/04/msg00024.html
2026-04-21
Published