8
CVE-2026-3012
- EPSS 0.26%
- Veröffentlicht 27.05.2026 10:02:21
- Zuletzt bearbeitet 03.07.2026 13:17:10
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Samba: group policy certificate enrollment uses http:// without validation
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.174 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| secalert@redhat.com | 8 | 1.6 | 5.8 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8 | 1.6 | 5.8 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
https://access.redhat.com/security/cve/CVE-2026-3012
https://bugzilla.redhat.com/show_bug.cgi?id=2447319
https://bugzilla.samba.org/show_bug.cgi?id=16003
https://access.redhat.com/errata/RHSA-2026:22644
https://access.redhat.com/errata/RHSA-2026:22963
https://access.redhat.com/errata/RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25979
https://access.redhat.com/errata/RHSA-2026:28057
https://access.redhat.com/errata/RHSA-2026:28054
https://access.redhat.com/errata/RHSA-2026:28055
https://access.redhat.com/errata/RHSA-2026:28056
https://access.redhat.com/errata/RHSA-2026:28053
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3012.json
https://access.redhat.com/errata/RHSA-2026:29863