PT-2026-43256 · Samba+3 · Samba+3
Arjun Basnet
+2
·
Published
2026-05-26
·
Updated
2026-07-13
·
CVE-2026-4480
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to 4.22.10
Samba versions prior to 4.23.8
Samba versions prior to 4.24.3
Description
A flaw exists in the Samba printing subsystem where the software passes a client-controlled job description string to the command configured in the "print command" setting using the
%J substitution character. Because shell meta characters are not escaped, an unauthenticated remote attacker can send a specially crafted print job description containing these characters to execute arbitrary code on the affected system. This issue can be exploited if the server is exposed and configured with unsafe defaults, such as guest access to printer shares.Recommendations
Update to version 4.22.10.
Update to version 4.23.8.
Update to version 4.24.3.
As a temporary workaround, remove
%J from the "print command" configurations in the smb.conf file.Exploit
Fix
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Rocky Linux
Samba
Ubuntu