Skip to main content

NTFS-3G CVE-2026-46572

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
8.8 HIGH

Local vector because attacker supplies the disk image; PR:L because most Linux distros permit unprivileged FUSE mounts; S:C because SUID-root escalates impact beyond the user context.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:31 vuln.today
CVE Published
Jul 15, 2026 - 00:00 cve.org
MEDIUM

DescriptionCVE.org

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ib_cut_tail() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.

AnalysisAI

Heap buffer overflow in NTFS-3G through 2026.2.25 allows local privilege escalation to root via a crafted NTFS filesystem image. The overflow occurs in ntfs_ib_cut_tail() within the index management code when a file is created inside a specially constructed directory on a malicious NTFS image. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious NTFS image with corrupt index blocks
Delivery
Mount image via SUID-root ntfs-3g binary
Exploit
Create file inside crafted directory
Execution
Trigger heap overflow in ntfs_ib_cut_tail()
Persist
Corrupt root-process heap metadata
Impact
Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation The SUID-root ntfs-3g binary must be installed on the target system, which is the default on Ubuntu and most major Linux distributions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The real-world risk is meaningful but bounded by the local attack vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a local unprivileged shell account crafts a malicious NTFS image containing a specially structured directory with corrupt index block metadata. The attacker mounts this image using ntfs-3g (which executes as SUID-root via FUSE) and creates a file inside the crafted directory, triggering the heap buffer overflow in ntfs_ib_cut_tail() within the root-privileged process. …
Remediation The primary remediation is to upgrade ntfs-3g to a version released after 2026.2.25 once a patched release is published by the upstream project or your Linux distribution. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy