CVE-2026-40706
Heap Buffer Overflow in NTFS-3G SUID-root Binary via Malicious NTFS Image
Publication date: 2026-04-21
Last updated on: 2026-04-21
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ntfs-3g | ntfs-3g | up to 2026.2.25 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap buffer overflow in the ntfs_build_permissions_posix() function within the ntfs-3g software version 2022.10.3 before 2026.2.25. It occurs when the software processes a specially crafted NTFS image containing multiple ACCESS_DENIED ACEs with WRITE_OWNER permissions from different group SIDs. This overflow happens during read operations such as stat, readdir, or open, allowing an attacker to corrupt heap memory in the SUID-root ntfs-3g binary.
How can this vulnerability impact me?
The vulnerability can lead to heap memory corruption in the ntfs-3g binary running with root privileges (SUID-root). This can potentially allow an attacker to execute arbitrary code with elevated privileges, causing a full compromise of the affected system. The CVSS score of 8.4 indicates a high severity with impacts on confidentiality, integrity, and availability.
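A host triage check for the two conditions described above (an ntfs-3g release below 2026.2.25, per the affected-products table, and a setuid-root binary). This is an added example, not part of the CVE record or of ntfs-3g; the `--scan` switch, the function names and the result labels are assumptions of this sketch, and the version banners used to test it are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: triage one host for CVE-2026-40706.
FIXED="2026.2.25"   # first fixed release, per the affected-products table

# Pull the first YYYY.M.D release number out of a version banner.
extract_version() {
    printf ' %s\n' "$1" |
        sed -n 's/.*[^0-9]\([0-9]\{4\}\.[0-9]\{1,2\}\.[0-9]\{1,2\}\).*/\1/p' | head -n1
}

# ver_lt A B: succeed when A is older than B. Fields are compared as
# numbers, so 2026.10.1 is correctly treated as newer than 2026.2.25.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$first" = "$1" ]
}

# classify BANNER SUID(yes|no) prints one of:
#   exposed  - affected release and setuid-root (the case the CVE describes)
#   outdated - affected release, but the binary is not setuid-root
#   ok       - release is 2026.2.25 or later
#   unknown  - no release number found in the banner
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif ver_lt "$v" "$FIXED"; then
        if [ "$2" = yes ]; then echo exposed; else echo outdated; fi
    else
        echo ok
    fi
}

# Inspect the ntfs-3g binary found on PATH, if any.
scan_host() {
    bin=$(command -v ntfs-3g) || { echo "ntfs-3g not installed"; return 0; }
    banner=$("$bin" --version 2>&1)
    suid=no
    if [ -n "$(find -L "$bin" -prune -user root -perm -4000)" ]; then suid=yes; fi
    echo "$bin: $(classify "$banner" "$suid") (setuid-root=$suid)"
}

# Hypothetical switch: only touch the host when asked to.
if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an `exposed` or `outdated` result against the vendor's own advisory before acting on it.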