Known Vulnerabilities for products from Samba
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Samba".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49818 json | Not Provided | 2026-06-09 | 2026-06-10 | |
| CVE-2026-46139 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-45232 json | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection()... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43620 json | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c t... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43619 json | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lch... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43618 json | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signe... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-43617 json | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access cont... | Not Provided | 2026-05-20 | 2026-05-21 |
| CVE-2026-41035 json | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver us... | Not Provided | 2026-04-16 | 2026-05-21 |
| CVE-2026-33995 json | Not Provided | 2026-03-30 | 2026-03-30 | |
| CVE-2026-29518 json | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allow... | Not Provided | 2026-05-20 | 2026-05-26 |
| CVE-2026-11493 json | Not Provided | 2026-06-08 | 2026-06-08 | |
| CVE-2026-4480 json | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command co... | Not Provided | 2026-05-26 | 2026-06-15 |
| CVE-2026-4408 json | Not Provided | 2026-05-28 | 2026-06-15 | |
| CVE-2026-3238 json | Not Provided | 2026-06-08 | 2026-06-08 | |
| CVE-2026-3012 json | Not Provided | 2026-05-27 | 2026-06-15 | |
| CVE-2026-2340 json | Not Provided | 2026-05-27 | 2026-06-15 | |
| CVE-2026-1933 json | A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing... | Not Provided | 2026-05-27 | 2026-06-15 |
| CVE-2024-12088 json | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12087 json | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-ena... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12086 json | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. ... | Not Provided | 2025-01-14 | 2026-05-20 |
Known software with vulnerabilities from Samba
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Samba | Cifs-utils | 5.6 |
| Application | Samba | Jitterbug | - |
| Application | Samba | Ppp | - |
| Application | Samba | Rsync | 1.6.4 |
| Application | Samba | Samba | - |
| Application | Samba | Samba Server | - |
| Application | Samba | Volume Service | - |