Known Vulnerabilities for products from Samba
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Samba".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59260 json | Not Provided | 2026-07-12 | 2026-07-12 | |
| CVE-2026-49818 json | Not Provided | 2026-06-09 | 2026-06-10 | |
| CVE-2026-48793 json | Not Provided | 2026-06-24 | 2026-06-26 | |
| CVE-2026-46139 json | Not Provided | 2026-05-28 | 2026-06-14 | |
| CVE-2026-45232 json | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection()... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43620 json | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c t... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43619 json | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lch... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43618 json | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signe... | Not Provided | 2026-05-20 | 2026-06-30 |
| CVE-2026-43617 json | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access cont... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-41035 json | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver us... | Not Provided | 2026-04-16 | 2026-07-10 |
| CVE-2026-29518 json | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allow... | Not Provided | 2026-05-20 | 2026-06-30 |
| CVE-2026-12249 json | Not Provided | 2026-06-22 | 2026-06-22 | |
| CVE-2026-11493 json | Not Provided | 2026-06-08 | 2026-06-08 | |
| CVE-2026-4480 json | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command co... | Not Provided | 2026-05-26 | 2026-06-30 |
| CVE-2026-4408 json | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controll... | Not Provided | 2026-05-28 | 2026-07-03 |
| CVE-2026-3238 json | Not Provided | 2026-06-08 | 2026-06-30 | |
| CVE-2026-3012 json | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled,... | Not Provided | 2026-05-27 | 2026-07-03 |
| CVE-2026-2340 json | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by ... | Not Provided | 2026-05-27 | 2026-07-02 |
| CVE-2026-1933 json | A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing... | Not Provided | 2026-05-27 | 2026-07-03 |
| CVE-2025-0620 json | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expire... | Not Provided | 2025-06-06 | 2026-06-30 |
Known software with vulnerabilities from Samba
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Samba | Cifs-utils | 5.6 |
| Application | Samba | Jitterbug | - |
| Application | Samba | Ppp | - |
| Application | Samba | Rsync | 1.6.4 |
| Application | Samba | Samba | - |
| Application | Samba | Samba Server | - |
| Application | Samba | Volume Service | - |