Skip to main content

NTFS-3G CVE-2026-56135

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
8.8 HIGH

Local attack requiring a user account (PR:L, AV:L); SUID-root execution constitutes a scope change (S:C) yielding full system compromise (C:H/I:H/A:H).

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:32 vuln.today
CVE Published
Jul 15, 2026 - 00:00 cve.org
MEDIUM

DescriptionCVE.org

In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function build_inherited_id() in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.

AnalysisAI

Heap-based buffer overflow in NTFS-3G through 2026.2.25 enables a local attacker to corrupt heap memory inside the SUID-root ntfs-3g binary, creating a local privilege escalation path to root. The flaw resides in build_inherited_id() within libntfs-3g/security.c and is triggered by creating a file inside a specially crafted directory on a malicious NTFS image supplied by the attacker. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious NTFS image with poisoned directory metadata
Delivery
Mount image using SUID-root ntfs-3g binary
Exploit
Create file inside crafted directory
Execution
Trigger heap overflow in build_inherited_id() as root
Persist
Overwrite heap control structures
Impact
Execute arbitrary code with root privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires an interactive local user account on the target system with the ability to execute the ntfs-3g binary. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS score or vector was supplied, requiring independent assessment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user crafts or acquires a malicious NTFS filesystem image containing specially constructed directory security descriptor metadata, then invokes the SUID-root ntfs-3g binary to mount it. By creating a file within the crafted directory, the user triggers the heap overflow in build_inherited_id() running under the root security context, potentially overwriting heap control structures to redirect execution and achieve arbitrary code execution as root on the host system.
Remediation Upgrade ntfs-3g to a release beyond 2026.2.25 once a patched version is published by the upstream project or your Linux distribution. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56135 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy