CVE-2026-4408

CVSS v3.1

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw in the DCE/RPC SAMR server allows a remote attacker to achieve remote command execution on affected systems. The issue occurs in non-standard configurations of Samba file servers and classic domain controllers that utilize the "check password script" feature. When this script is configured using the %u substitution character, the client-controlled username is passed to the shell without proper escaping of meta-characters. This is particularly critical when the samba-dcerpcd service is running as a system service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALSA-2026:22644

ALSA-2026:22963

BDU:2026-07316

CVE-2026-4408

OPENSUSE-SU-2026:10884-1

USN-8306-1

Affected Products

Linuxmint

Samba

Ubuntu

CVE-2026-4408

Weakness Enumeration

Related Identifiers

Affected Products

References · 50