PT-2026-57557 · Unknown · Luci-App-Samba4
Zwcrazythursday
·
Published
2026-07-12
·
Updated
2026-07-12
·
CVE-2026-59260
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
luci-app-samba4 (affected versions not specified)
Description
An issue in the read Access Control List (ACL) grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line arguments controlled by the caller. An attacker can provide arbitrary Samba global options, such as the message command, to a root smbd process, which leads to command execution during the processing of SMB protocol messages.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Luci-App-Samba4