CVE-2026-8274: Path Traversal in npitre cramfs-tools
CVE-2026-8274 is a path traversal vulnerability in the do_directory function of cramfsck.c within npitre cramfs-tools versions up to 2.1. This vulnerability allows local attackers to manipulate directory handling to perform path traversal. Exploitation requires local access and no user interaction. A public exploit disclosure exists. Upgrading to version 2.2, which includes a patch identified by commit 2fc492747115b24d8a07eddd27a2d45229cb273c, mitigates the issue.
AI Analysis
Technical Summary
The vulnerability in npitre cramfs-tools (up to version 2.1) resides in the do_directory function of the cramfsck.c file, part of the Directory Handler component. It allows local attackers with low privileges to perform path traversal attacks by manipulating directory processing. This can potentially lead to unauthorized file access or modification within the local environment. The issue has been publicly disclosed, and a patch is available in version 2.2.
Potential Impact
The vulnerability enables local attackers to perform path traversal, which may allow unauthorized access to files outside intended directories. The CVSS score of 4.8 (medium severity) reflects a local attack vector, low attack complexity, and no user interaction required. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade npitre cramfs-tools to version 2.2, which contains the official patch (commit 2fc492747115b24d8a07eddd27a2d45229cb273c) addressing this vulnerability. No other mitigation or temporary fix is indicated. Patch status is confirmed by the vendor recommendation to upgrade.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-05-10T15:58:40.236Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a01604ccbff5d861079fce0
Added to database: 5/11/2026, 4:51:24 AM
Last enriched: 5/11/2026, 5:06:22 AM
Last updated: 5/11/2026, 8:12:33 AM