← voltar
CVE-2026-4480

Samba: samba: remote code execution in printing subsystem via unescaped job description

CVSS 9 CRITICALEPSS 12.8%CWE-78
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4
PoCs públicas encontradas6
githubgithub.com/TheCyberGeek/CVE-2026-4480-PoC13githubgithub.com/robinxiang/CVE-2026-44801githubgithub.com/CarlosEduardoPM/CVE-2026-4480-POC1githubgithub.com/0xBlackash/CVE-2026-44800githubgithub.com/Vusal777/CVE-2026-4480-exploit-poc0githubgithub.com/ClearLotus-git/CVE-2026-4480-PoC0
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2026:22644https://access.redhat.com/errata/RHSA-2026:22963https://access.redhat.com/errata/RHSA-2026:25049https://access.redhat.com/errata/RHSA-2026:25979https://access.redhat.com/errata/RHSA-2026:28053https://access.redhat.com/errata/RHSA-2026:28054https://access.redhat.com/errata/RHSA-2026:28055https://access.redhat.com/errata/RHSA-2026:28056https://access.redhat.com/errata/RHSA-2026:28057https://access.redhat.com/errata/RHSA-2026:28058https://access.redhat.com/errata/RHSA-2026:28132https://access.redhat.com/security/cve/CVE-2026-4480