Skip to main content

NTFS-3G CVE-2026-46570

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
8.8 HIGH

Local vector because attacker supplies crafted image; SUID-root causes scope change; low privilege reflects standard local user invoking the SUID binary.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:33 vuln.today
CVE Published
Jul 15, 2026 - 00:00 cve.org
MEDIUM

DescriptionCVE.org

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_index_walk_down() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading crafted file metadata.

AnalysisAI

Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt heap memory in the SUID-root ntfs-3g binary by supplying a crafted NTFS filesystem image, potentially achieving privilege escalation to root. The flaw resides in the index B-tree traversal function ntfs_index_walk_down() in libntfs-3g/index.c and is triggered during parsing of crafted file metadata. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Create crafted NTFS image with malformed index entries
Delivery
Invoke SUID-root ntfs-3g binary to process image
Exploit
Trigger heap overflow in ntfs_index_walk_down()
Execution
Corrupt heap memory in root-privileged process
Impact
Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be a local user on the affected system with the ability to invoke the ntfs-3g binary. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is elevated above what the absence of a CVSS score might suggest, primarily because the target binary is SUID-root, meaning successful heap corruption executes with root privileges regardless of the invoking user's privilege level. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on a Linux system with NTFS-3G installed creates a specially crafted NTFS disk image with malformed index B-tree entries designed to exceed buffer bounds in ntfs_index_walk_down(). The attacker invokes the SUID-root ntfs-3g binary to mount or process the malicious image, triggering the heap buffer overflow. …
Remediation Apply the vendor-released patch as documented in Ubuntu Security Notice USN-8554-1, available at https://ubuntu.com/security/notices/USN-8554-1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46570 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy