CVE-2026-40706: CWE-122 Heap-based Buffer Overflow in Tuxera NTFS-3G
CVE-2026-40706 is a high-severity heap-based buffer overflow vulnerability in the Tuxera NTFS-3G driver version 2022. 10. 3 and earlier before 2026. 2. 25. The flaw exists in the ntfs_build_permissions_posix() function within acls. c and can be triggered by processing a malicious NTFS image containing specific security descriptors with multiple ACCESS_DENIED ACEs that include WRITE_OWNER from distinct group SIDs. This vulnerability affects the SUID-root ntfs-3g binary during file read operations such as stat, readdir, and open, potentially allowing heap memory corruption. No official patch or remediation guidance is currently available from the vendor. The vulnerability has a CVSS 3.
AI Analysis
Technical Summary
The vulnerability CVE-2026-40706 is a heap-based buffer overflow in the ntfs_build_permissions_posix() function of the Tuxera NTFS-3G driver (version 2022.10.3 and earlier before 2026.2.25). It occurs when the driver processes a crafted NTFS image containing multiple ACCESS_DENIED ACEs with WRITE_OWNER flags from distinct group SIDs in the security descriptor. This triggers the overflow on read operations (stat, readdir, open) in the SUID-root ntfs-3g binary, leading to heap memory corruption. The vulnerability is classified as CWE-122 and has a CVSS 3.1 score of 8.4, reflecting high severity. No patch or official remediation has been published yet, and no known exploits are reported in the wild.
Potential Impact
Successful exploitation of this vulnerability can lead to heap memory corruption in the SUID-root ntfs-3g binary, potentially allowing an attacker to execute arbitrary code with elevated privileges, cause denial of service, or compromise system confidentiality and integrity. The CVSS score of 8.4 indicates high impact on confidentiality, integrity, and availability. However, there are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid mounting or processing untrusted NTFS images with the affected NTFS-3G versions. Monitor vendor channels for updates and apply patches promptly once available.
CVE-2026-40706: CWE-122 Heap-based Buffer Overflow in Tuxera NTFS-3G
Description
CVE-2026-40706 is a high-severity heap-based buffer overflow vulnerability in the Tuxera NTFS-3G driver version 2022. 10. 3 and earlier before 2026. 2. 25. The flaw exists in the ntfs_build_permissions_posix() function within acls. c and can be triggered by processing a malicious NTFS image containing specific security descriptors with multiple ACCESS_DENIED ACEs that include WRITE_OWNER from distinct group SIDs. This vulnerability affects the SUID-root ntfs-3g binary during file read operations such as stat, readdir, and open, potentially allowing heap memory corruption. No official patch or remediation guidance is currently available from the vendor. The vulnerability has a CVSS 3.
CVSS v3.1
Score 8.4high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-40706 is a heap-based buffer overflow in the ntfs_build_permissions_posix() function of the Tuxera NTFS-3G driver (version 2022.10.3 and earlier before 2026.2.25). It occurs when the driver processes a crafted NTFS image containing multiple ACCESS_DENIED ACEs with WRITE_OWNER flags from distinct group SIDs in the security descriptor. This triggers the overflow on read operations (stat, readdir, open) in the SUID-root ntfs-3g binary, leading to heap memory corruption. The vulnerability is classified as CWE-122 and has a CVSS 3.1 score of 8.4, reflecting high severity. No patch or official remediation has been published yet, and no known exploits are reported in the wild.
Potential Impact
Successful exploitation of this vulnerability can lead to heap memory corruption in the SUID-root ntfs-3g binary, potentially allowing an attacker to execute arbitrary code with elevated privileges, cause denial of service, or compromise system confidentiality and integrity. The CVSS score of 8.4 indicates high impact on confidentiality, integrity, and availability. However, there are no known active exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid mounting or processing untrusted NTFS images with the affected NTFS-3G versions. Monitor vendor channels for updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-15T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e7e91619fe3cd2cdfaec3d
Added to database: 4/21/2026, 9:16:06 PM
Last enriched: 4/29/2026, 11:22:11 AM
Last updated: 6/5/2026, 12:40:41 AM
Views: 65
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.