High severity8.0NVD Advisory· Published May 27, 2026· Updated Jun 15, 2026
CVE-2026-3012
CVE-2026-3012
Description
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
50(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=4.16.0,<4.21.0
- (no CPE)
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords44 versionspkg:rpm/almalinux/ctdbpkg:rpm/almalinux/ldb-toolspkg:rpm/almalinux/libldbpkg:rpm/almalinux/libldb-develpkg:rpm/almalinux/libnetapipkg:rpm/almalinux/libnetapi-develpkg:rpm/almalinux/libsmbclientpkg:rpm/almalinux/libsmbclient-develpkg:rpm/almalinux/libwbclientpkg:rpm/almalinux/libwbclient-develpkg:rpm/almalinux/python3-ldbpkg:rpm/almalinux/python3-sambapkg:rpm/almalinux/python3-samba-dcpkg:rpm/almalinux/python3-samba-develpkg:rpm/almalinux/python3-samba-testpkg:rpm/almalinux/sambapkg:rpm/almalinux/samba-clientpkg:rpm/almalinux/samba-client-libspkg:rpm/almalinux/samba-commonpkg:rpm/almalinux/samba-common-libspkg:rpm/almalinux/samba-common-toolspkg:rpm/almalinux/samba-dcerpcpkg:rpm/almalinux/samba-dc-libspkg:rpm/almalinux/samba-develpkg:rpm/almalinux/samba-gpupdatepkg:rpm/almalinux/samba-krb5-printingpkg:rpm/almalinux/samba-ldb-ldap-modulespkg:rpm/almalinux/samba-libspkg:rpm/almalinux/samba-pidlpkg:rpm/almalinux/samba-testpkg:rpm/almalinux/samba-test-libspkg:rpm/almalinux/samba-toolspkg:rpm/almalinux/samba-usersharespkg:rpm/almalinux/samba-vfs-iouringpkg:rpm/almalinux/samba-winbindpkg:rpm/almalinux/samba-winbind-clientspkg:rpm/almalinux/samba-winbind-krb5-locatorpkg:rpm/almalinux/samba-winbind-modulespkg:rpm/almalinux/samba-winexepkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/samba&distro=SUSE%20Linux%20Micro%206.2
< 4.19.4-16.el8_10+ 43 more
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.23.8+git.477.f78166bceed-1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
Patches
Vulnerability mechanics
References
7- access.redhat.com/security/cve/CVE-2026-3012nvdMitigationThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- bugzilla.samba.org/show_bug.cginvdIssue TrackingMitigationVendor Advisory
- access.redhat.com/errata/RHSA-2026:22644nvdIssue Tracking
- access.redhat.com/errata/RHSA-2026:22963nvdIssue Tracking
- access.redhat.com/errata/RHSA-2026:25049nvd
- access.redhat.com/errata/RHSA-2026:25979nvd
News mentions
0No linked articles in our index yet.