{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2637", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2026-02-17T19:10:25.606Z", "datePublished": "2026-03-03T14:04:28.459Z", "dateUpdated": "2026-03-03T14:35:43.673Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "iBoysoft NTFS", "vendor": "iBoysoft", "versions": [{"status": "affected", "version": "8.0.0"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iboysoft:iboysoft_ntfs:8.0.0:*:macos:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Oscar Uribe"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon </span>ntfshelperd<span style=\"background-color: rgb(255, 255, 255);\">.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">The daemon exposes an NSConnection service </span><span style=\"background-color: rgb(255, 255, 255);\">that runs as root without implementing any authentication or authorization checks.</span></span><br><br><p>This issue affects iBoysoft NTFS: 8.0.0.</p>"}], "value": "iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd.\u00a0The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks.\n\nThis issue affects iBoysoft NTFS: 8.0.0."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2026-03-03T14:04:28.459Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/cuarteto"}, {"tags": ["product"], "url": "https://iboysoft.com/ntfs-for-mac/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T14:35:28.831057Z", "id": "CVE-2026-2637", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:35:43.673Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2637", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T14:35:28.831057Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:35:40.411Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Oscar Uribe"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "iBoysoft", "product": "iBoysoft NTFS", "versions": [{"status": "affected", "version": "8.0.0"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://fluidattacks.com/advisories/cuarteto", "tags": ["third-party-advisory"]}, {"url": "https://iboysoft.com/ntfs-for-mac/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd.\u00a0The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks.\n\nThis issue affects iBoysoft NTFS: 8.0.0.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon </span>ntfshelperd<span style=\"background-color: rgb(255, 255, 255);\">.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">The daemon exposes an NSConnection service </span><span style=\"background-color: rgb(255, 255, 255);\">that runs as root without implementing any authentication or authorization checks.</span></span><br><br><p>This issue affects iBoysoft NTFS: 8.0.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iboysoft:iboysoft_ntfs:8.0.0:*:macos:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2026-03-03T14:04:28.459Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2637", "state": "PUBLISHED", "dateUpdated": "2026-03-03T14:35:43.673Z", "dateReserved": "2026-02-17T19:10:25.606Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2026-03-03T14:04:28.459Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iboysoft:ntfs_for_mac:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "53C6FBA4-0B4F-4E1B-80B0-D15E5A521C79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd.\u00a0The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks.\n\nThis issue affects iBoysoft NTFS: 8.0.0."}, {"lang": "es", "value": "iBoysoft NTFS para Mac contiene una vulnerabilidad de escalada de privilegios local en su demonio auxiliar privilegiado ntfshelperd. El demonio expone un servicio NSConnection que se ejecuta como root sin implementar ninguna comprobaci\u00f3n de autenticaci\u00f3n o autorizaci\u00f3n.\n\nEste problema afecta a iBoysoft NTFS: 8.0.0."}], "id": "CVE-2026-2637", "lastModified": "2026-04-27T13:12:44.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "help@fluidattacks.com", "type": "Secondary"}]}, "published": "2026-03-03T15:16:20.950", "references": [{"source": "help@fluidattacks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/cuarteto"}, {"source": "help@fluidattacks.com", "tags": ["Product"], "url": "https://iboysoft.com/ntfs-for-mac/"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "help@fluidattacks.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["macos"], "status": "affected", "versions": {"scheme": "semver", "value": "8.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iBoysoft NTFS", "source": "cna", "vendor": "iBoysoft"}, "product": "iboysoft_ntfs", "vendor": "iboysoft"}], "analysis": {"en": {"generated_at": "2026-04-16T14:04:59.087035+00:00", "value": {"mitigation_remediation": ["Apply the latest iBoysoft NTFS update that includes a patch for ntfshelperd, ensuring the daemon checks for proper authentication before accepting connections", "If an update is not yet available, unload the helper with launchctl unload /Library/LaunchDaemons/com.iboysoft.ntfshelperd.plist to disable the vulnerable service", "As a temporary measure, block nsconnection traffic to the daemon using macOS firewall rules or by restricting access to the associated socket file"], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected product is iBoysoft NTFS for Mac version\u202f8.0.0. No other versions or products are listed in the CVE data. The vulnerability is only present in the stated version of the software on macOS, and any other version or platform should not be impacted unless otherwise reported.", "description_and_impact": "The vulnerability involves a privileged helper daemon called ntfshelperd, which is installed at system level to provide NTFS support on macOS. The daemon exposes an NSConnection service that runs with root privileges but does not perform any authentication or authorization checks for incoming requests. As a result, any local user can establish a connection to the daemon and invoke privileged operations, effectively elevating their privileges to root. This weakness aligns with CWE-732, which describes improper permissions for a privileged component.", "risk_and_exploitability": "The CVSS score of 8.5 indicates a high severity level. The EPSS score is reported as less than 1\u202f%, suggesting a very low but non\u2011zero probability of exploitation in the current moment. The vulnerability is not listed in the CISA KEV catalog, which means there are no confirmed exploits yet. The likely attack vector is local: an attacker who can run code on the Mac (for example, a compromised application or a malicious user on the machine) can connect to the nsconnection service and trigger privileged actions without needing any additional credentials."}}}}, "created": "2026-03-04T14:54:20.054276+00:00", "updated": "2026-04-16T14:15:28.803228+00:00", "vendors": ["iboysoft", "iboysoft$PRODUCT$iboysoft_ntfs"]}