ByteOS Network

CVE Vulnerability Details :

CVE-2026-8274

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-11 May, 2026 | 04:45

Updated At-11 May, 2026 | 04:45

▼CVE Numbering Authority (CNA)

npitre cramfs-tools Directory cramfsck.c do_directory path traversal

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2 is able to address this issue. The name of the patch is 2fc492747115b24d8a07eddd27a2d45229cb273c. Upgrading the affected component is recommended.

Affected Products

Vendor

npitre

Product

cramfs-tools

Modules

Directory Handler

Versions

Affected

Unaffected

Problem Types

Type	CWE ID	Description
CWE	CWE-22	Path Traversal

Type: CWE

CWE ID: CWE-22

Description: Path Traversal

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.0	5.3	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.0	4.3	N/A	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 4.3

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Credits

reporter

nich0las (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-05-10 00:00:00
VulDB entry created	2026-05-10 02:00:00
VulDB entry last update	2026-05-10 18:03:44

Event: Advisory disclosed

Date: 2026-05-10 00:00:00

Event: VulDB entry created

Date: 2026-05-10 02:00:00

Event: VulDB entry last update

Date: 2026-05-10 18:03:44

References

Hyperlink	Resource
https://vuldb.com/vuln/362571	vdb-entry technical-description
https://vuldb.com/vuln/362571/cti	signature permissions-required
https://vuldb.com/submit/810864	third-party-advisory
https://github.com/npitre/cramfs-tools/issues/12	issue-tracking
https://github.com/npitre/cramfs-tools/issues/12#issue-4307511739	exploit issue-tracking
https://github.com/npitre/cramfs-tools/commit/2fc492747115b24d8a07eddd27a2d45229cb273c	patch
https://github.com/npitre/cramfs-tools/releases/tag/v2.2	patch
https://github.com/npitre/cramfs-tools/	product