CVE-2026-12505

HIGH

Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

Title source: cna

Description

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.

References (3)

Core 3

Core References

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2026-12505

Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat

RHBZ#2489805

https://bugzilla.redhat.com/show_bug.cgi?id=2489805

https://git.samba.org/?p=cifs-utils.git;a=commit;h=972c5b5ff95e3e812bc8daa72d0383654ab0dba7

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-250

Status published

Products (6)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat OpenShift Container Platform 4

Published Jun 18, 2026

Tracked Since Jun 18, 2026