← back
CVE-2026-8784

npitre cramfs-tools cramfsck.c change_file_status symlink

CVSS 4.6 MEDIUMEPSS 0.2%CWE-59CWE-61
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
npitre · cramfs-tools
public PoCs found1
cve_referencegithub.com/npitre/cramfs-tools/issues/13unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/npitre/cramfs-tools/https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4fhttps://github.com/npitre/cramfs-tools/issues/13https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583https://vuldb.com/submit/811897https://vuldb.com/vuln/364408https://vuldb.com/vuln/364408/cti