CVE-2025-66002

Smb4k - Command Injection

Title source: llm

Description

An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper

References (2)

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002

[Various Sources] https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html

Scores

EPSS 0.0003

EPSS Percentile 7.7%

Classification

CWE

CWE-88

Status draft

Timeline

Published Jan 08, 2026

Tracked Since Feb 18, 2026