9.8

CVE-2026-4480

Medienbericht

Samba: samba: remote code execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.1.0 < 4.2.1
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.8% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:48
https://access.redhat.com/security/cve/CVE-2026-4480
Third Party Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=2452232
Third Party Advisory
Issue Tracking
https://bugzilla.samba.org/show_bug.cgi?id=16033
Vendor Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:22644
https://access.redhat.com/errata/RHSA-2026:22963
https://access.redhat.com/errata/RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25979
https://access.redhat.com/errata/RHSA-2026:28057
https://access.redhat.com/errata/RHSA-2026:28058
https://access.redhat.com/errata/RHSA-2026:28054
https://access.redhat.com/errata/RHSA-2026:28055
https://access.redhat.com/errata/RHSA-2026:28056
https://access.redhat.com/errata/RHSA-2026:28053
https://access.redhat.com/errata/RHSA-2026:28132
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4480.json