VYPR
High severity8.0NVD Advisory· Published May 27, 2026· Updated Jun 15, 2026

CVE-2026-3012

CVE-2026-3012

Description

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

50

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.