PT-2026-43256 · Samba+3 · Samba+3

Arjun Basnet

+2

·

Published

2026-05-26

·

Updated

2026-07-13

·

CVE-2026-4480

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.22.10 Samba versions prior to 4.23.8 Samba versions prior to 4.24.3
Description A flaw exists in the Samba printing subsystem where the software passes a client-controlled job description string to the command configured in the "print command" setting using the %J substitution character. Because shell meta characters are not escaped, an unauthenticated remote attacker can send a specially crafted print job description containing these characters to execute arbitrary code on the affected system. This issue can be exploited if the server is exposed and configured with unsafe defaults, such as guest access to printer shares.
Recommendations Update to version 4.22.10. Update to version 4.23.8. Update to version 4.24.3. As a temporary workaround, remove %J from the "print command" configurations in the smb.conf file.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:22644
ALSA-2026:22963
ALSA-2026:25049
BDU:2026-07317
CVE-2026-4480
ECHO-A229-4B9E-B030
OESA-2026-2574
OESA-2026-2575
OESA-2026-2576
OESA-2026-2577
OPENSUSE-SU-2026:10884-1
OPENSUSE-SU-2026:20905-1
RHSA-2026:22963
RHSA-2026:25049
SUSE-SU-2026:2071-1
SUSE-SU-2026:2072-1
SUSE-SU-2026:2073-1
SUSE-SU-2026:2074-1
SUSE-SU-2026:2076-1
SUSE-SU-2026:2108-1
SUSE-SU-2026:22045-1
SUSE-SU-2026:22080-1
USN-8306-1
USN-8306-2

Affected Products

Linuxmint
Rocky Linux
Samba
Ubuntu