CVE-2026-4408

CRITICAL

Samba: remote code execution in samr

Title source: cna
STIX 2.1

Description

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:22644
https://access.redhat.com/errata/RHSA-2026:22644
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:22963
https://access.redhat.com/errata/RHSA-2026:22963
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25049
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:25979
https://access.redhat.com/errata/RHSA-2026:25979
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-4408
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2479762
https://bugzilla.redhat.com/show_bug.cgi?id=2479762

Scores

CVSS v3 9.0
EPSS 0.0183
EPSS Percentile 76.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (15)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10 0:4.23.5-109.el10_2
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 8 0:4.19.4-16.el8_10
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9 0:4.23.5-10.el9_8
Red Hat/Red Hat Enterprise Linux 9.6 Extended Update Support 0:4.21.3-14.el9_6.1
Red Hat/Red Hat OpenShift Container Platform 4
... and 5 more
Published May 28, 2026
Tracked Since May 28, 2026