CVE-2026-2340
Description
A flaw was found in Samba's vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.
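The rename validation the description refers to, as an added model written for this page (it is not Samba's vfs_worm code): a toy WORM share where a file becomes immutable once it is older than a grace period (assumed to correspond to the module's `worm:grace_period` setting, in seconds), with a `check_rename_target` flag that switches between validating only the rename source and also validating the destination.

```python
# Simplified model of a WORM share, written for this page; it is not Samba's
# vfs_worm code. A file is immutable once it is older than the grace period.


class WormShare:
    def __init__(self, grace_period, check_rename_target=True):
        self.grace_period = grace_period
        # The fix modelled here: also validate the destination of a rename.
        self.check_rename_target = check_rename_target
        self.files = {}  # path -> [created_at, content]

    def is_protected(self, path, now):
        entry = self.files.get(path)
        return entry is not None and now - entry[0] > self.grace_period

    def write(self, path, content, now):
        # Creating a file, or editing one still inside the grace period, is allowed.
        if self.is_protected(path, now):
            raise PermissionError(f"{path} is WORM-protected")
        created = self.files[path][0] if path in self.files else now
        self.files[path] = [created, content]

    def rename(self, src, dst, now):
        if self.is_protected(src, now):
            raise PermissionError(f"{src} is WORM-protected")
        # Insufficient validation: checking only the source lets a fresh file
        # replace a protected destination. The hardened check refuses that.
        if self.check_rename_target and self.is_protected(dst, now):
            raise PermissionError(f"{dst} is WORM-protected")
        self.files[dst] = self.files.pop(src)


def protected_content_survives(check_rename_target):
    """Return True if the archived record keeps its original content after a
    rename-over attempt by a user with write access to the share."""
    share = WormShare(grace_period=3600, check_rename_target=check_rename_target)
    t0 = 1_700_000_000  # constructed clock value, not wall time
    share.write("archive/record.txt", "original", t0)
    later = t0 + 7200  # well past the grace period: record.txt is now immutable
    share.write("archive/tmp.txt", "replaced", later)
    try:
        share.rename("archive/tmp.txt", "archive/record.txt", later)
    except PermissionError:
        pass
    return share.files["archive/record.txt"][1] == "original"


if __name__ == "__main__":
    print("source-only check keeps record intact:", protected_content_survives(False))  # False
    print("source+target check keeps record intact:", protected_content_survives(True))  # True
```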
Description
samba: vfs_worm does not block directory modification
Red Hat statement
This vulnerability is rated Moderate severity because exploitation requires authenticated write access to a Samba share already configured to permit file creation and modification. The flaw affects the vfs_worm module, which provides additional immutability protections for files after a configurable grace period. Due to improper handling of rename operations, a user with existing write permissions could overwrite files that should have become immutable under the WORM policy. The vulnerability does not bypass underlying filesystem access controls or grant additional privileges beyond those already assigned to the authenticated user. However, because the primary purpose of the vfs_worm module is to protect file integrity, the ability to modify protected files results in a high integrity impact.
CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 10 | samba | Affected |
| Red Hat Enterprise Linux 6 | samba | Out of support scope |
| Red Hat Enterprise Linux 6 | samba4 | Out of support scope |
| Red Hat Enterprise Linux 7 | samba | Affected |
| Red Hat Enterprise Linux 8 | samba | Affected |
| Red Hat Enterprise Linux 9 | samba | Affected |
| Red Hat OpenShift Container Platform 4 | rhcos | Affected |
Affected
| Vendor | Product | Status |
|---|---|---|
| redhat | Red Hat Enterprise Linux 10 | Affected |
| redhat | Red Hat Enterprise Linux 7 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
OS impact
Red Hat: Affected (4 releases)
| Version | Status | Fixed in |
|---|---|---|
| 10.0 | Affected | none yet |
| 9.0 | Affected | none yet |
| 8.0 | Affected | none yet |
| 7.0 | Affected | none yet |
SUSE: Affected (1 release)
| Version | Status | Fixed in |
|---|---|---|
| not specified | Affected | none yet |
Debian: Mixed (5 releases)
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:4.22.8+dfsg-0+deb13u2 |
| sid | Fixed | 2:4.24.3+dfsg-1 |
| forky | Fixed | 2:4.24.3+dfsg-1 |
| bullseye | Affected | none yet |
| bookworm | Fixed | 2:4.17.12+dfsg-0+deb12u4 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | openshift_container_platform | 4.0 | |
| samba | samba | 4.1.0 and later | |
CWEs
CWE-280