8

CVE-2026-3012

Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.16.0 < 4.21.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.174
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 1.6 5.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
secalert@redhat.com 8 1.6 5.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8 1.6 5.8
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://access.redhat.com/security/cve/CVE-2026-3012
Third Party Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=2447319
Third Party Advisory
Issue Tracking
https://bugzilla.samba.org/show_bug.cgi?id=16003
Vendor Advisory
Issue Tracking
Mitigation
https://access.redhat.com/errata/RHSA-2026:22644
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:22963
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25979
https://access.redhat.com/errata/RHSA-2026:28057
https://access.redhat.com/errata/RHSA-2026:28054
https://access.redhat.com/errata/RHSA-2026:28055
https://access.redhat.com/errata/RHSA-2026:28056
https://access.redhat.com/errata/RHSA-2026:28053
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3012.json
https://access.redhat.com/errata/RHSA-2026:29863