CVE-2026-2340

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many (WORM) protections by preventing file modifications after a specific grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share can overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.