EIP-2026-102736

PRE-CVE

Samba 3.4.7/3.5.1 - Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102736. PoCs published by laurent gaffie.

AI-analyzed exploit summary: The exploit demonstrates two denial-of-service vulnerabilities in Samba's SMB protocol handling. The first triggers a null pointer dereference by manipulating Unicode flags in 'Negotiate Protocol' and 'Session Setup AndX' requests, while the second causes an uninitialized variable read by setting the 'security blob length' to an invalid value.

Description

Samba 3.4.7/3.5.1 - Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED
by laurent gaffie · text · dos · linux
https://www.exploit-db.com/exploits/12588


Classification
Working PoC: 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Samba <=3.4.7 and Samba <=3.5.1
No auth needed
Prerequisites: Network access to the target's SMB port (445)
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026