A vulnerability described as critical has been identified in npitre cramfs-tools up to 2.1 . Affected is the function do_directory of the file cramfsck.c of the component Directory Handler . Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-8274 . The attack can only be performed from a local environment. Furthermore, an exploit is available. Upgrading the affected component is recommended.