PatchSiren cyber security CVE debrief

CVE-2026-8784 npitre CVE debrief

A local symlink-following vulnerability exists in npitre cramfs-tools through version 2.2, specifically within the `change_file_status` function in `cramfsck.c`. Local manipulation can cause the function to follow a symbolic link, so exploitation requires local access. The vulnerability was published on 2026-05-18 and carries a LOW severity CVSS score of 1.8. A public patch is available as commit b4a3a695c9873f824907bd15659f2a6ac7667b4f. The weakness is classified under CWE-59 (Improper Link Resolution Before File Access) and CWE-61 (UNIX Symbolic Link Following).

Vendor: npitre
Product: cramfs-tools
CVSS: LOW 1.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-18
Original CVE updated: 2026-05-18
Advisory published: 2026-05-18
Advisory updated: 2026-05-18

Who should care

System administrators maintaining systems with cramfs-tools installed, particularly those processing untrusted cramfs filesystem images in multi-user environments.

Technical summary

The `change_file_status` function in `cramfsck.c` of npitre cramfs-tools versions up to 2.2 can be made to follow a symbolic link through local manipulation. The issue is classified under CWE-59 (Improper Link Resolution Before File Access) and CWE-61 (UNIX Symbolic Link Following). Exploitation requires local access and high privileges, with limited impact on confidentiality, integrity, and availability. A patch has been published and is publicly available.
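To show what CWE-59 means for a routine that changes file status after extraction, here is the path-based pattern that follows a planted link beside a descriptor-based pattern that refuses it. This is example code added for this debrief, not the project's code or its patch; the function names and the temporary-directory fixture are constructed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Weak pattern (CWE-59/CWE-61): chmod() resolves symlinks, so a link planted
 * in the extraction directory redirects the mode change to its target. */
int change_status_follows(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened pattern: open with O_NOFOLLOW (a symlink fails with ELOOP), confirm
 * the object is a regular file, then change it through the descriptor. */
int change_status_nofollow(const char *path, mode_t mode)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Constructed fixture: a 0600 regular file and a symlink pointing at it.
 * Returns 0 when the hardened variant refuses the link and the weak variant
 * changes the target through it; each failed expectation sets one bit. */
int demo_symlink_following(void)
{
    char dir[] = "/tmp/cramfs-demo-XXXXXX", tgt[64], lnk[64];
    struct stat st; int result = 0;
    if (!mkdtemp(dir)) return 1;
    snprintf(tgt, sizeof tgt, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(tgt, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) < 0 || symlink(tgt, lnk) < 0) return 2;
    if (change_status_nofollow(lnk, 04755) == 0 || errno != ELOOP) result |= 4;
    if (stat(tgt, &st) < 0 || (st.st_mode & 07777) != 0600) result |= 8;
    if (change_status_follows(lnk, 0644) < 0) result |= 16;
    if (stat(tgt, &st) < 0 || (st.st_mode & 07777) != 0644) result |= 32;
    unlink(lnk); unlink(tgt); rmdir(dir);
    return result;
}
```

The same descriptor-based approach applies to ownership and timestamp changes (fchown, futimens), which is where a status-changing routine typically touches files it did not create.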

Defensive priority

Low

Recommended defensive actions

  • Apply the available patch (commit b4a3a695c9873f824907bd15659f2a6ac7667b4f) to remediate the symlink-following vulnerability in cramfs-tools.
  • Restrict local access to systems running cramfs-tools to trusted users only, since the attack vector is local.
  • Review filesystem permissions and symlink handling in environments where cramfs-tools processes untrusted cramfs images.
  • Monitor for cramfs-tools updates and confirm that the patch is applied, either by checking the commit signature or through package manager verification.

Evidence notes

The vulnerability affects the `change_file_status` function in `cramfsck.c`. The attack requires local access. The patch commit b4a3a695c9873f824907bd15659f2a6ac7667b4f has been identified. The weakness is classified under CWE-59 and CWE-61.
