CVE-2026-40706 - NTFS-3G - Buffer Overflow

Overview

NTFS-3G > 2022.10.3 and < 2026.2.25 contains a heap buffer overflow caused by improper handling of multiple ACCESS_DENIED ACEs with WRITE_OWNER from distinct group SIDs in ntfs_build_permissions_posix(), letting attackers corrupt heap memory via crafted NTFS images, exploit requires crafted malicious NTFS image.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can corrupt heap memory in the SUID-root ntfs-3g binary, potentially leading to privilege escalation or code execution.

Mitigation

Update to version 2026.2.25 or later.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Apr 21, 2026

🟠 CVE-2026-40706 - High (8.4) In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is tri... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40706/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Apr 21, 2026

🟠 CVE-2026-40706 - High (8.4) In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is tri... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40706/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-40706 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score