PT-2026-57557 · Unknown · Luci-App-Samba4

Zwcrazythursday

·

Published

2026-07-12

·

Updated

2026-07-12

·

CVE-2026-59260

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions luci-app-samba4 (affected versions not specified)
Description An issue in the read Access Control List (ACL) grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line arguments controlled by the caller. An attacker can provide arbitrary Samba global options, such as the message command, to a root smbd process, which leads to command execution during the processing of SMB protocol messages.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59260

Affected Products

Luci-App-Samba4