CVE-2026-2637

Exploit

EPSS 0.17%
Veröffentlicht 03.03.2026 14:04:28
Zuletzt bearbeitet 27.04.2026 13:12:44
Quelle help@fluidattacks.com
CVE-Watchlists
Login
Unerledigt
Login

iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks.

This issue affects iBoysoft NTFS: 8.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Iboysoft ≫ Ntfs For Mac Version8.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
help@fluidattacks.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://fluidattacks.com/advisories/cuarteto

Third Party Advisory

Exploit

https://iboysoft.com/ntfs-for-mac/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-2637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2637

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2637