EUVD-2026-32211
GHSA-59rx-q76w-hqrw
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
AnalysisAI
Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Samba deployments with certificate auto-enrollment enabled and assess network positioning relative to untrusted network segments. Within 7 days: Disable auto-enrollment where operationally feasible, or implement network segregation (VLAN isolation) and monitoring to prevent MITM access to CA certificate retrieval paths. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today