CVE-2026-40706
Received Received - Intake
Heap Buffer Overflow in NTFS-3G SUID-root Binary via Malicious NTFS Image

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: MITRE

Description
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40706
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ntfs-3g ntfs-3g to 2026.2.25 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap buffer overflow in the ntfs_build_permissions_posix() function within the ntfs-3g software version 2022.10.3 before 2026.2.25. It occurs when the software processes a specially crafted NTFS image containing multiple ACCESS_DENIED ACEs with WRITE_OWNER permissions from different group SIDs. This overflow happens during read operations such as stat, readdir, or open, allowing an attacker to corrupt heap memory in the SUID-root ntfs-3g binary.

Impact Analysis

The vulnerability can lead to heap memory corruption in the ntfs-3g binary running with root privileges (SUID-root). This can potentially allow an attacker to execute arbitrary code with elevated privileges, causing a full compromise of the affected system. The CVSS score of 8.4 indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40706. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart