cvelistv5 - cve-2026-3012

CVE-2026-3012 (GCVE-0-2026-3012)

Vulnerability from cvelistv5

Published

2026-05-27 10:02

Modified

2026-06-08 15:11

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Summary

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:22644	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:22963	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-3012	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2447319	issue-tracking, x_refsource_REDHAT
	https://bugzilla.samba.org/show_bug.cgi?id=16003

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:4.23.5-109.el10_2 < *
cpe:/o:redhat:enterprise_linux:10.2

Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.19.4-16.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.19.4-16.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T03:55:25.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.23.5-109.el10_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.19.4-16.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.19.4-16.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba4",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arad Inbar (DREAM Security Research Team), Ben Grinberg (DREAM Security Research Team), Michalis Vasileiadis, and Nir Somech (DREAM Security Research Team) for reporting this issue."
        }
      ],
      "datePublic": "2026-05-27T09:17:49.862Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Samba\u2019s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T15:11:48.707Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:22644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22644"
        },
        {
          "name": "RHSA-2026:22963",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22963"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3012"
        },
        {
          "name": "RHBZ#2447319",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447319"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=16003"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-13T12:55:02.623Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-05-27T09:17:49.862Z",
          "value": "Made public."
        }
      ],
      "title": "Samba: group policy certificate enrollment uses http:// without validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Systems are not affected unless Samba Group Policy processing and certificate auto-enrollment are explicitly enabled.\n\nAdministrators can reduce exposure by:\n\nAvoiding unnecessary use of certificate auto-enrollment.\nEnsuring your \"smb.conf\" does not contain a line like ```apply group policies = yes```. If , group policy is not be enabled, the vulnerable code will not run.\n\nIntercepting the HTTP request requires some control over the local network or other devices to intercept or redirect traffic. Some network administrators might assess this as a low risk on their\nnetworks."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3012",
    "datePublished": "2026-05-27T10:02:21.767Z",
    "dateReserved": "2026-02-23T07:08:58.479Z",
    "dateUpdated": "2026-06-08T15:11:48.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2026-AVI-0651

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Samba. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Samba	Samba	Samba versions 4.23.x antérieures à 4.23.8
Samba	Samba	Samba versions 4.24.x antérieures à 4.24.3
Samba	Samba	Samba versions antérieures à 4.22.10

References

Title

Publication Time

Tags

Bulletin de sécurité Samba CVE-2026-4480	2026-05-26	vendor-advisory
Bulletin de sécurité Samba CVE-2026-3238	2026-05-26	vendor-advisory
Bulletin de sécurité Samba CVE-2026-4408	2026-05-26	vendor-advisory
Bulletin de sécurité Samba CVE-2026-3012	2026-05-26	vendor-advisory
Bulletin de sécurité Samba CVE-2026-2340	2026-05-26	vendor-advisory
Bulletin de sécurité Samba CVE-2026-1933	2026-05-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Samba versions 4.23.x ant\u00e9rieures \u00e0 4.23.8",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba versions 4.24.x ant\u00e9rieures \u00e0 4.24.3",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba versions ant\u00e9rieures \u00e0 4.22.10",
      "product": {
        "name": "Samba",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-1933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1933"
    },
    {
      "name": "CVE-2026-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2340"
    },
    {
      "name": "CVE-2026-3238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3238"
    },
    {
      "name": "CVE-2026-3012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3012"
    },
    {
      "name": "CVE-2026-4480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4480"
    },
    {
      "name": "CVE-2026-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4408"
    }
  ],
  "initial_release_date": "2026-05-27T00:00:00",
  "last_revision_date": "2026-05-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0651",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Samba. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Samba",
  "vendor_advisories": [
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-4480",
      "url": "https://www.samba.org/samba/security/CVE-2026-4480.html"
    },
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-3238",
      "url": "https://www.samba.org/samba/security/CVE-2026-3238.html"
    },
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-4408",
      "url": "https://www.samba.org/samba/security/CVE-2026-4408.html"
    },
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-3012",
      "url": "https://www.samba.org/samba/security/CVE-2026-3012.html"
    },
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-2340",
      "url": "https://www.samba.org/samba/security/CVE-2026-2340.html"
    },
    {
      "published_at": "2026-05-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2026-1933",
      "url": "https://www.samba.org/samba/security/CVE-2026-1933.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-3012 (GCVE-0-2026-3012)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0651

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature