Severity by source
Local attack requiring a user account (PR:L, AV:L); SUID-root execution constitutes a scope change (S:C) yielding full system compromise (C:H/I:H/A:H).
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function build_inherited_id() in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.
AnalysisAI
Heap-based buffer overflow in NTFS-3G through 2026.2.25 enables a local attacker to corrupt heap memory inside the SUID-root ntfs-3g binary, creating a local privilege escalation path to root. The flaw resides in build_inherited_id() within libntfs-3g/security.c and is triggered by creating a file inside a specially crafted directory on a malicious NTFS image supplied by the attacker. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an interactive local user account on the target system with the ability to execute the ntfs-3g binary. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS score or vector was supplied, requiring independent assessment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged local user crafts or acquires a malicious NTFS filesystem image containing specially constructed directory security descriptor metadata, then invokes the SUID-root ntfs-3g binary to mount it. By creating a file within the crafted directory, the user triggers the heap overflow in build_inherited_id() running under the root security context, potentially overwriting heap control structures to redirect execution and achieve arbitrary code execution as root on the host system. |
| Remediation | Upgrade ntfs-3g to a release beyond 2026.2.25 once a patched version is published by the upstream project or your Linux distribution. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today