Skip to main content

NTFS-3G CVE-2026-56136

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
3.3 LOW

Local delivery of a crafted image requires UI:R to mount; read-only memory leak yields C:L with no integrity or availability impact.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 16:32 vuln.today

DescriptionCVE.org

In NTFS-3G through 2026.2.25, an out-of-bounds read exists in ntfs_ir_nill() in libntfs-3g/index.c that allows an attacker to read possibly confidential information in an ntfs-3g process by crafting a malicious NTFS image. This read operation is triggered by creation of a file with a crafted name.

AnalysisAI

Out-of-bounds read in NTFS-3G through version 2026.2.25 exposes ntfs-3g process memory when a maliciously crafted NTFS image is mounted and a file with a specially crafted name is created on it. The flaw in ntfs_ir_nill() within the index-handling code allows an attacker who controls the filesystem image to read data from the running ntfs-3g process that may include confidential in-memory contents. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious NTFS image with bad index
Delivery
Deliver image to target via USB or download
Exploit
Victim mounts image with ntfs-3g
Execution
Trigger file creation with crafted filename
Persist
OOB read leaks ntfs-3g process memory
Impact
Attacker reads confidential in-process data

Vulnerability AssessmentAI

Exploitation The vulnerability is triggered specifically during the creation of a file with a crafted name on a mounted NTFS volume whose index structures have been pre-arranged in a malicious NTFS image. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No official CVSS score or vector is available for this CVE, so risk must be inferred from the description and context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker prepares a malicious NTFS disk image with a specially crafted directory index structure designed to trigger the out-of-bounds read in ntfs_ir_nill(). The image is delivered to the target via a USB drive, a network file share, or a downloaded disk image file. …
Remediation The primary remediation is to upgrade to an NTFS-3G release newer than 2026.2.25 once a patched version is published by the upstream project or packaged by the relevant Linux distribution. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56136 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy