What is GHSA-qv27-xjwp-hw6f?

GHSA-qv27-xjwp-hw6f is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function...

Which CVE IDs does GHSA-qv27-xjwp-hw6f cover?

GHSA-qv27-xjwp-hw6f covers the following CVE IDs: CVE-2026-8784. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-qv27-xjwp-hw6f?

GHSA-qv27-xjwp-hw6f has a CVSS v3 base score of 4.2, published by GitHub Security Advisories.

GHSA-qv27-xjwp-hw6fLowCVSS 4.2

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-8784 →

📋 Description

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-8784
https://github.com/npitre/cramfs-tools/issues/13
https://github.com/npitre/cramfs-tools/issues/13#issuecomment-4306102583
https://github.com/npitre/cramfs-tools/commit/b4a3a695c9873f824907bd15659f2a6ac7667b4f
https://github.com/npitre/cramfs-tools
https://vuldb.com/submit/811897
https://vuldb.com/vuln/364408
https://vuldb.com/vuln/364408/cti
https://github.com/advisories/GHSA-qv27-xjwp-hw6f