Skip to main content

NTFS-3G CVE-2026-46571

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
3.3 LOW

Requires local mounting of a crafted image and user-initiated readlink; impact is limited to low-severity memory read within ntfs-3g process with no integrity or availability effect.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:33 vuln.today
CVE Published
Jul 15, 2026 - 00:00 cve.org
MEDIUM

DescriptionCVE.org

In NTFS-3G through 2026.2.25, a out-of-bounds read exists in ntfs_fix_file_name() in libntfs-3g/reparse.c that allows an attacker to read possibly confidential information in ntfs-3g process memory by crafting a malicious NTFS image. The out-of-bounds read is triggered by a readlink on a corrupted file.

AnalysisAI

Out-of-bounds memory read in NTFS-3G through 2026.2.25 exposes ntfs-3g process memory contents when a victim mounts a crafted NTFS filesystem image and invokes readlink on a corrupted reparse point file. The defect resides in ntfs_fix_file_name() within libntfs-3g/reparse.c and can disclose potentially confidential in-process data - such as recently processed file paths or runtime buffers - to the attacker who supplied the malicious image. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious NTFS image with corrupted reparse point
Delivery
Deliver image to target (USB, download, or network share)
Exploit
Victim mounts image via ntfs-3g
Execution
Application or user invokes readlink on corrupted file
Persist
OOB read triggered in ntfs_fix_file_name()
Impact
ntfs-3g process memory contents leaked to attacker

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker's malicious NTFS filesystem image be mounted by an ntfs-3g instance on the target system - the attacker cannot trigger this remotely without the victim first performing or initiating a mount. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS vector or EPSS score was provided with this CVE, requiring all metric judgements to be independently assessed from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious NTFS disk image containing a reparse point file with corrupted metadata designed to trigger the boundary violation in ntfs_fix_file_name(), then delivers it to a target system - for example, via USB, a downloaded archive, or a shared network path. When the victim mounts the image using ntfs-3g and the operating system or a user application calls readlink on the corrupted file, the out-of-bounds read occurs within the ntfs-3g process, potentially leaking in-memory data such as file path buffers or adjacent heap contents back to the attacker. …
Remediation Apply the vendor-released patch documented in Ubuntu Security Notice USN-8554-1 (https://ubuntu.com/security/notices/USN-8554-1); Ubuntu users should update the ntfs-3g package via apt. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46571 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy