← back
CVE-2026-1933

Samba: missing access check on reparse point operations

CVSS 7.1 HIGHEPSS 0.8%CWE-284
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
27 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected products
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2026:22644https://access.redhat.com/errata/RHSA-2026:22963https://access.redhat.com/errata/RHSA-2026:25049https://access.redhat.com/errata/RHSA-2026:25979https://access.redhat.com/errata/RHSA-2026:28053https://access.redhat.com/errata/RHSA-2026:28054https://access.redhat.com/errata/RHSA-2026:28055https://access.redhat.com/errata/RHSA-2026:28056https://access.redhat.com/errata/RHSA-2026:28057https://access.redhat.com/security/cve/CVE-2026-1933https://bugzilla.redhat.com/show_bug.cgi?id=2447317https://bugzilla.samba.org/show_bug.cgi?id=15992