{"api_version":"1","generated_at":"2026-04-23T01:33:29+00:00","cve":"CVE-2021-44141","urls":{"html":"https://cve.report/CVE-2021-44141","api":"https://cve.report/api/cve/CVE-2021-44141.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-44141","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-44141"},"summary":{"title":"CVE-2021-44141","description":"All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-02-21 18:15:00","updated_at":"2023-09-17 09:15:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202309-06","name":"GLSA-202309-06","refsource":"GENTOO","tags":[],"title":"Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.samba.org/samba/security/CVE-2021-44141.html","name":"https://www.samba.org/samba/security/CVE-2021-44141.html","refsource":"MISC","tags":["Mitigation","Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44141","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44141","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"44141","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"44141","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"44141","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"storage","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"44141","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-44141","qid":"159828","title":"Oracle Enterprise Linux Security Update for samba (ELSA-2022-2074)"},{"cve":"CVE-2021-44141","qid":"182973","title":"Debian Security Update for samba (CVE-2021-44141)"},{"cve":"CVE-2021-44141","qid":"240286","title":"Red Hat Update for samba security (RHSA-2022:1756)"},{"cve":"CVE-2021-44141","qid":"240314","title":"Red Hat Update for samba security (RHSA-2022:2074)"},{"cve":"CVE-2021-44141","qid":"282312","title":"Fedora Security Update for samba (FEDORA-2022-50da406d40)"},{"cve":"CVE-2021-44141","qid":"282317","title":"Fedora Security Update for samba (FEDORA-2022-055efdd9dc)"},{"cve":"CVE-2021-44141","qid":"354310","title":"Amazon Linux Security Advisory for samba : ALAS2022-2022-022"},{"cve":"CVE-2021-44141","qid":"354496","title":"Amazon Linux Security Advisory for samba : ALAS2022-2022-224"},{"cve":"CVE-2021-44141","qid":"354550","title":"Amazon Linux Security Advisory for samba : ALAS-2022-224"},{"cve":"CVE-2021-44141","qid":"502028","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2021-44141","qid":"503812","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2021-44141","qid":"690784","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for samba (8579074c-839f-11ec-a3b2-005056a311d1)"},{"cve":"CVE-2021-44141","qid":"710751","title":"Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)"},{"cve":"CVE-2021-44141","qid":"751680","title":"OpenSUSE Security Update for samba (openSUSE-SU-2022:0283-1)"},{"cve":"CVE-2021-44141","qid":"751683","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0323-1)"},{"cve":"CVE-2021-44141","qid":"751994","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0283-1)"},{"cve":"CVE-2021-44141","qid":"901502","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for samba (8610)"},{"cve":"CVE-2021-44141","qid":"940520","title":"AlmaLinux Security Update for samba (ALSA-2022:2074)"},{"cve":"CVE-2021-44141","qid":"960130","title":"Rocky Linux Security Update for samba (RLSA-2022:2074)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-44141","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Samba","version":{"version_data":[{"version_value":"All versions of Samba prior to 4.15.5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2021-44141.html","url":"https://www.samba.org/samba/security/CVE-2021-44141.html"},{"refsource":"GENTOO","name":"GLSA-202309-06","url":"https://security.gentoo.org/glsa/202309-06"}]},"description":{"description_data":[{"lang":"eng","value":"All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed."}]}},"nvd":{"publishedDate":"2022-02-21 18:15:00","lastModifiedDate":"2023-09-17 09:15:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"44141","Ordinal":"221797","Title":"CVE-2021-44141","CVE":"CVE-2021-44141","Year":"2021"},"notes":[]}}}