CVE-2026-40706
Received Received - Intake

Heap Buffer Overflow in NTFS-3G SUID-root Binary via Malicious NTFS Image

Vulnerability report for CVE-2026-40706, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: MITRE

Description

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-07-06
AI Q&A
2026-04-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ntfs-3g ntfs-3g to 2026.2.25 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap buffer overflow in the ntfs_build_permissions_posix() function within the ntfs-3g software version 2022.10.3 before 2026.2.25. It occurs when the software processes a specially crafted NTFS image containing multiple ACCESS_DENIED ACEs with WRITE_OWNER permissions from different group SIDs. This overflow happens during read operations such as stat, readdir, or open, allowing an attacker to corrupt heap memory in the SUID-root ntfs-3g binary.

Impact Analysis

The vulnerability can lead to heap memory corruption in the ntfs-3g binary running with root privileges (SUID-root). This can potentially allow an attacker to execute arbitrary code with elevated privileges, causing a full compromise of the affected system. The CVSS score of 8.4 indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40706. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart