CVE-2026-3012

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker capable of intercepting or redirecting network traffic could provide a malicious certificate authority certificate, which may lead to the interception or spoofing of trusted communications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.