PT-2026-43436 · Samba+3 · Samba+3

Asim Viladi Oglu Manizada

Published

2026-05-26

Updated

2026-06-10

CVE-2026-1933

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw exists in the handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users who possess underlying filesystem write permissions can create or delete reparse point metadata through SMB operations, even on read-only exports. This allows for the modification of SMB-visible file behavior, such as converting files into symbolic links or other reparse point types.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALSA-2026:22963

ALSA-2026:25049

BDU:2026-07419

CVE-2026-1933

OPENSUSE-SU-2026:10884-1

OPENSUSE-SU-2026:20905-1

RHSA-2026:22644

RHSA-2026:22963

SUSE-SU-2026:22045-1

SUSE-SU-2026:22080-1

USN-8306-1

Affected Products

Linuxmint

Rocky Linux

Samba

Ubuntu

PT-2026-43436 · Samba+3 · Samba+3

CVE-2026-1933

Weakness Enumeration

Related Identifiers

Affected Products

References · 72