Vulnerability in NILFS Utilities Affecting Data Integrity and Tool Performance
CVE-2026-55392

6.7 MEDIUM

Key Information:

Vendor

Nilfs-dev

CVE Published:
18 June 2026

What is CVE-2026-55392?

The NILFS utilities mishandle the NILFS2 superblock: the nilfs_sb_is_valid() function does not properly validate the s_log_block_size field. When the tools process a crafted NILFS2 image, the unvalidated value can cause oversized shifts or out-of-memory conditions. The result is a crash of critical tools such as nilfs-tune and dumpseg, compromising data integrity and tool performance.
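A range check of the kind the description calls for, as an added sketch that is not code from nilfs-utils or from its fix. The helper names, the 1 KiB base and the 64 KiB cap are assumptions made for this example, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this sketch: block size = 1024 << s_log_block_size,
 * capped at 64 KiB, so the largest acceptable field value is 6. */
#define SKETCH_MIN_BLOCK_SIZE     1024u
#define SKETCH_MAX_LOG_BLOCK_SIZE 6u

/* Decode a little-endian 32-bit on-disk field without alignment assumptions. */
static uint32_t le32_decode(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Hypothetical helper: derive the block size from the raw s_log_block_size
 * bytes. Returns 0 and sets *out on success, -1 if the field is out of range.
 * The range check runs before the shift, so the shift count never reaches the
 * width of the type and the result never sizes an unbounded allocation. */
static int blocksize_from_field(const uint8_t raw[4], uint32_t *out)
{
    uint32_t log_bs = le32_decode(raw);

    if (log_bs > SKETCH_MAX_LOG_BLOCK_SIZE)
        return -1;
    *out = SKETCH_MIN_BLOCK_SIZE << log_bs;
    return 0;
}

int main(void)
{
    /* Constructed sample field values, not taken from any real image. */
    static const uint8_t samples[][4] = {
        { 0x02, 0x00, 0x00, 0x00 },   /* 4 KiB blocks */
        { 0x06, 0x00, 0x00, 0x00 },   /* 64 KiB blocks, the assumed maximum */
        { 0x07, 0x00, 0x00, 0x00 },   /* one past the maximum */
        { 0xff, 0xff, 0xff, 0xff },   /* shift count far beyond the type width */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t bs = 0;
        if (blocksize_from_field(samples[i], &bs) == 0)
            printf("sample %zu: block size %u\n", i, (unsigned)bs);
        else
            printf("sample %zu: rejected\n", i);
    }
    return 0;
}
```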

Affected Version(s)

nilfs-utils 0 <= 2.3.0

nilfs-utils 26efb5daff0757365101035145331b0a5a85d9d9

CVSS V4

Score:
6.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tristan Madani (@TristanInSec)