A vulnerability has been found in tuxera ntfs-3g 2022.10.3 and classified as critical . This impacts the function ntfs_build_permissions_posix of the file acls.c of the component NTFS Image Handler . This manipulation causes buffer overflow. This vulnerability appears as CVE-2026-40706 . The attack requires local access. There is no available exploit. The affected component should be upgraded.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-358544 · CVE-2026-40706 · GCVE-0-2026-40706
TUXERA NTFS-3G 2022.10.3 NTFS IMAGE ACLS.C NTFS_BUILD_PERMISSIONS_POSIX BUFFER OVERFLOW
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
7.5 $0-$5k 2.90+
Summaryinfo
A vulnerability was found in tuxera ntfs-3g 2022.10.3 and classified as critical. Affected is the function ntfs_build_permissions_posix of the file acls.c of the component NTFS Image Handler. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-40706. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.
Detailsinfo
A vulnerability, which was classified as critical, has been found in tuxera ntfs-3g 2022.10.3. Affected by this issue is the function ntfs_build_permissions_posix of the file acls.c of the component NTFS Image Handler. The manipulation with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability.
The advisory is shared for download at seclists.org. This vulnerability is handled as CVE-2026-40706. The exploitation is known to be easy. The attack needs to be approached locally. There are known technical details, but no exploit is available.
Upgrading to version 2026.2.25 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Productinfo
Vendor
tuxera
Name
ntfs-3g
Version
2022.10.3
License
open-source
Website
Product: https://github.com/tuxera/ntfs-3g/
CPE 2.3info
🔒
CPE 2.2info
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 7.8
VulDB Meta Temp Score: 7.5
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Buffer overflow
CWE: CWE-120 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: ntfs-3g 2026.2.25
Timelineinfo
04/21/2026 Advisory disclosed
04/21/2026 +0 days VulDB entry created
04/21/2026 +0 days VulDB entry last update
Sourcesinfo
Product: github.com
Advisory: seclists.org
Status: Confirmed
Confirmation: 🔒
CVE: CVE-2026-40706 (🔒)
GCVE (CVE): GCVE-0-2026-40706
GCVE (VulDB): GCVE-100-358544
Entryinfo
Created: 04/21/2026 19:46
Changes: 04/21/2026 19:46 (56)
Complete: 🔍
Cache ID: 99:0E2:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸