LOW
npitre
CVE published 2026-05-18
CVE-2026-8784
A local symlink-following vulnerability exists in npitre cramfs-tools through version 2.2, in the `change_file_status` function in `cramfsck.c`. The issue can be manipulated to cause symlink following, and exploitation requires local access. The vulnerability was published on 2026-05-18 and carries a LOW severity CVSS score of 1.8. A public patch is available via commit b4a3a695c9873f8 [truncated]
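One way a status-setting routine can refuse a symlink planted at an extracted path, shown as an added example; it is not the cramfs-tools code and not the referenced patch. It assumes the routine applies ownership, mode and timestamps to a path by name; `apply_status_nofollow` and `run_scenario` are hypothetical names, and the files under `/tmp` are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not cramfs-tools code: set owner (root only), mode and
 * epoch timestamps without following a symlink. Returns 0 or -errno. */
int apply_status_nofollow(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    const struct timespec epoch[2] = { {0, 0}, {0, 0} };
    int err = 0;
    /* O_NOFOLLOW: ELOOP (Linux) on a symlink; later calls use the fd, not the name. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0 || (geteuid() == 0 && fchown(fd, uid, gid) < 0) ||
        fchmod(fd, mode & 07777) < 0 || futimens(fd, epoch) < 0)
        err = errno;
    if (fd >= 0) close(fd);
    return -err;
}

/* Constructed scenario: "extracted" is a symlink to "victim" (mode 0600).
 * Returns victim's mode bits once the helper behaved as expected, else -1. */
int run_scenario(int via_link)
{
    char dir[] = "/tmp/nofollow-XXXXXX", victim[64], out[64];
    struct stat st;
    int fd, rc, mode = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/extracted", dir);
    fd = open(victim, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0 && fchmod(fd, 0600) == 0 && symlink(victim, out) == 0) {
        rc = apply_status_nofollow(via_link ? out : victim, getuid(), getgid(), 0644);
        /* Expect -ELOOP through the link, 0 on the real file. */
        if (rc == (via_link ? -ELOOP : 0) && stat(victim, &st) == 0)
            mode = st.st_mode & 07777;
    }
    if (fd >= 0) close(fd);
    unlink(out); unlink(victim); rmdir(dir);
    return mode;
}

int main(void)
{
    printf("symlink: %o, direct: %o\n", run_scenario(1), run_scenario(0));
    return 0;
}
```

Because the file must be opened for reading, an unprivileged caller cannot use this on a file it has no read permission for.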