
SambaBox CVE-2026-3120

EUVD-2026-26945 HIGH
Code Injection (CWE-94)
2026-05-04 TR-CERT
CVSS 3.1: 7.2

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

May 04, 2026 - 14:16: Patch available (EUVD)
May 04, 2026 - 12:30: Analysis Generated (vuln.today)
May 04, 2026 - 12:16: Patch released (nvd), Patch available
May 04, 2026 - 12:15: EUVD ID Assigned (euvd), EUVD-2026-26945
May 04, 2026 - 12:15: Analysis Generated (vuln.today)
May 04, 2026 - 11:53: CVE Published (nvd), HIGH 7.2

Description (NVD)

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.

This issue affects SambaBox: from 5.1 before 5.3.

Analysis (AI)

Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. …


Remediation (AI)

Within 24 hours: Inventory all SambaBox instances running versions 5.1 or 5.2 and document administrative user accounts with access; restrict administrative console access to essential personnel only and require multi-factor authentication.

Within 7 days: Implement network segmentation to isolate SambaBox systems from critical infrastructure; enable comprehensive audit logging of all administrative actions; consider deploying a temporary WAF or IPS ruleset if available from vendor advisories. …
