CVE-2026-8784

Published: Mag 18, 2026 Last Modified: Mag 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 1,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 4,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

MEDIUM 4,0

Source: [email protected]

Access Vector: local

Access Complexity: low

Authentication: multiple

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0002

Percentile

0,0th

Updated

EPSS Score Trend (Last 3 Days)

59

Improper Link Resolution Before File Access ('Link Following')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Other

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows, Unix

Likelihood of Exploit: Medium

View CWE Details

61

UNIX Symbolic Link (Symlink) Following

Incomplete

Abstraction: Compound Structure: Composite

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Files Or Directories Modify Files Or Directories

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://github.com/npitre/cramfs-tools/

https://github.com/npitre/cramfs-tools/

https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873…

https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac…

https://github.com/npitre/cramfs-tools/issues/13

https://github.com/npitre/cramfs-tools/issues/13

https://github.com/npitre/cramfs-tools/issues/13#issuecomme…

https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583

https://vuldb.com/submit/811897

https://vuldb.com/submit/811897

https://vuldb.com/vuln/364408

https://vuldb.com/vuln/364408

https://vuldb.com/vuln/364408/cti

https://vuldb.com/vuln/364408/cti