VIR Vulnerability Intelligence Relay

CVE-2026-4480

critical
Published 2026-05-26 Β· Modified 2026-06-04
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
9.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
9.0

Description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

Predictions

Exploit likelihood
93%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description samba: Samba: Remote Code Execution in printing subsystem via unescaped job description Red Hat statement The issue affects the Samba printing subsystem. Red Hat has classified this issue as Important severity rather than Critical. Print servers configured with ```"printing = cups"``` or ```"printing = iprint"```, and print servers that do not have the ```"%J"``` substitution…

Description

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

Red Hat statement

The issue affects the Samba printing subsystem. Red Hat has classified this issue as Important severity rather than Critical. Print servers configured with ```"printing = cups"``` or ```"printing = iprint"```, and print servers that do not have the ```"%J"``` substitution character in the "print command" setting are not affected. By default, Red Hat Enterprise Linux ships with Samba configured to use CUPS-based printing ```printing = cups```. Hence, although the vulnerable code is present, it is not exploitable in default RHEL configurations. In addition, typical RHEL Samba deployments require authenticated access to submit print jobs, therefore Privileges Required are assessed as Low (PR:L). Because exploitation depends on non-default Samba printing configurations and requires use of the %J substitution parameter within print command, the attack complexity is considered High (AC:H), reducing the likelihood of exploitation in standard deployments.

CVSS v3: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

Package state

ProductPackageState
Red Hat Enterprise Linux 10sambaAffected
Red Hat Enterprise Linux 6sambaOut of support scope
Red Hat Enterprise Linux 6samba4Out of support scope
Red Hat Enterprise Linux 7sambaAffected
Red Hat Enterprise Linux 8sambaAffected
Red Hat Enterprise Linux 9sambaAffected
Red Hat OpenShift Container Platform 4rhcosAffected

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 10Affected
redhatRed Hat Enterprise Linux 7Affected
redhatRed Hat Enterprise Linux 8Affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat OpenShift Container Platform 4Affected

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
debian Debian Mixed 5 releases
VersionStatusFixed in
trixie Fixed 2:4.22.8+dfsg-0+deb13u2
sid Fixed 2:4.24.3+dfsg-1
forky Fixed 2:4.24.3+dfsg-1
bullseye Affected β€”
bookworm Fixed 2:4.17.12+dfsg-0+deb12u4
redhat Red Hat Mixed 5 releases
VersionStatusFixed in
10.0 Affected β€”
9.0 Affected β€”
8.0 Affected β€”
8 Fixed β€”
7.0 Affected β€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
8 Fixed samba-pidl-4.19.4-16.el8_10.noarch.rpm

Application impact
VendorProductVersionsFixed
redhat redhatopenshift_container_platform4.0
sambasamba{"startIncluding":"4.1.0","endExcluding":"4.2.1"}4.2.1

References

CWEs

CWE-78

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.