CVE-2026-3238

HIGH

Samba: denial of service against ad dc wins server

Title source: cna

Description

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

References (3)

Core 3

Core References

https://www.samba.org/samba/security/CVE-2026-3238.html

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2026-3238

Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat

RHBZ#2486176

https://bugzilla.redhat.com/show_bug.cgi?id=2486176

Scores

CVSS v3 7.5

EPSS 0.0280

EPSS Percentile 84.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (6)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat OpenShift Container Platform 4

Published Jun 08, 2026

Tracked Since Jun 08, 2026