CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00...

CVE-2026-48095

7-Zip (NTFS archive handler) in versions <= 26.00 has a heap buffer overflow in GetCuSize() due to under-allocation of the compressed-stream buffer when processing crafted NTFS images with large ClusterSizeLog and CompressionUnit. For BlockSizeLog + CompressionUnit, (UInt32)1 <

ALPINE-CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

UBUNTU-CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

PT-2026-43694

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs mount options leak in ntfs fill super In ntfs fill super, the fc-fs private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs fs free to skip freeing...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ntfs: Check overflow when iterating ATTRRECORDs The kernel iterates over ATTRRECORDS in mft records in the ntfsattrfind function. Since ATTRRECORDS are adjacent to each other, the kernel can access the next ATTRRECORD from the en...

CLSA-2026-1779219098 grub2: Fix of CVE-2023-4692

CVE-2023-4692: fix OOB write when parsing NTFS $ATTRIBUTELIST entries...

Unity Linux 20.1060e / 20.1070e Security Update: libgit2 (UTSA-2026-017579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017579 advisory. An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may...

Astra Linux - уязвимость в ntfs-3g

In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...

Astra Linux - уязвимость в grub2

A out-of-bounds read flaw was discovered in Grub2’s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack can result in sensitive data cached in memory or EFI variabl...

CVE-2026-40706

A flaw was found in NTFS-3G. An attacker can exploit this by creating a specially crafted NTFS file system image. When this image is processed, a vulnerability known as a heap buffer overflow occurs, which can corrupt the computer's memory. This corruption happens within the ntfs-3g program, whic...

OESA-2026-2100 ntfs-3g security update

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. Security Fixes: A heap buff...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40706)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40706 advisory. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in...

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

CVE-2026-27927

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVE-2026-32074

Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVE-2026-27927

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability

...

CVE-2026-25175

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally...