7.1
CVE-2026-1933
- EPSS 0.86%
- Veröffentlicht 27.05.2026 12:28:44
- Zuletzt bearbeitet 03.07.2026 13:16:58
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Samba: missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.54 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| secalert@redhat.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://access.redhat.com/security/cve/CVE-2026-1933
https://bugzilla.redhat.com/show_bug.cgi?id=2447317
https://bugzilla.samba.org/show_bug.cgi?id=15992
https://access.redhat.com/errata/RHSA-2026:22644
https://access.redhat.com/errata/RHSA-2026:22963
https://access.redhat.com/errata/RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25979
https://access.redhat.com/errata/RHSA-2026:28057
https://access.redhat.com/errata/RHSA-2026:28054
https://access.redhat.com/errata/RHSA-2026:28055
https://access.redhat.com/errata/RHSA-2026:28056
https://access.redhat.com/errata/RHSA-2026:28053
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1933.json
https://access.redhat.com/errata/RHSA-2026:29863