Skip to main content

Samba CVE-2026-4408

| EUVDEUVD-2026-32741 CRITICAL
OS Command Injection (CWE-78)
N/A vendor:alpine GHSA-jg8v-92xc-cx65
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Samba command-injection flaws historically require an authenticated SMB session to reach vulnerable helpers, so PR:L over PR:N; network reachable, low complexity, full CIA impact as smbd typically runs privileged.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Jun 15, 2026 - 22:28 vuln.today
v5 (cvss_changed)
Analysis Updated
Jun 15, 2026 - 22:28 vuln.today
v4 (cvss_changed)
CVSS changed
Jun 15, 2026 - 22:22 NVD
9.0 (CRITICAL) 9.8 (CRITICAL)
Analysis Updated
May 28, 2026 - 09:28 vuln.today
v3 (cvss_changed)
Analysis Updated
May 28, 2026 - 09:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 28, 2026 - 09:22 vuln.today
cvss_changed
CVSS changed
May 28, 2026 - 09:22 NVD
9.0 (CRITICAL)
Analysis Generated
May 28, 2026 - 05:04 vuln.today

DescriptionNVD

Alpine Linux: samba fixed in 4.23.8-r0

AnalysisAI

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed SMB service
Delivery
Send crafted SMB request with shell metacharacters
Exploit
Trigger OS command injection in helper
Execution
Execute commands as Samba service user
Persist
Establish reverse shell and persist
Impact
Pivot to domain/credential theft

Vulnerability AssessmentAI

Exploitation Based on the supplied CVSS vector (AV:N/AC:L/PR:N/UI:N), exploitation requires only network reachability to the Samba service (typically TCP 445, also 139) with no authentication and no user interaction against default Samba deployments on Alpine, RHEL 6/7/9, and OpenShift Container Platform 4.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and require honest interpretation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to TCP/445 on a vulnerable Samba server sends a crafted SMB request containing shell metacharacters in a field that Samba passes to a shell-invoking helper, causing the smbd process to execute attacker-supplied commands as the Samba service account. From there the attacker drops a reverse shell, harvests credentials and Kerberos tickets, and pivots into the Active Directory or Linux fleet. …
Remediation On Alpine Linux, upgrade the samba package to 4.23.8-r0 or later via apk; on Red Hat Enterprise Linux 6, 7, and 9 and OpenShift Container Platform 4.0, apply the vendor-released patches from RHSA-2026:22644, RHSA-2026:22963, RHSA-2026:25049, and RHSA-2026:25979 (linked from https://access.redhat.com/security/cve/CVE-2026-4408), and on other distributions install the patched upstream Samba build referenced in Samba Bugzilla 16034. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Samba deployments and document current software versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2015-8103 CRITICAL POC
9.8 Nov 25

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2025-26465 MEDIUM
6.8 Feb 18

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this

CVE-2019-7609 CRITICAL POC
10.0 Mar 25

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti

CVE-2019-1003029 CRITICAL POC
9.9 Mar 08

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/

CVE-2018-1000861 CRITICAL POC
9.8 Dec 10

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea

CVE-2019-1003002 HIGH POC
8.8 Jan 22

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.

CVE-2019-1003001 HIGH POC
8.8 Jan 22

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins

CVE-2019-1003000 HIGH POC
8.8 Jan 22

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/

CVE-2024-12085 HIGH POC
7.5 Jan 14

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), t

Share

CVE-2026-4408 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy