Critical severity9.0NVD Advisory· Published May 28, 2026· Updated Jun 15, 2026
CVE-2026-4408
CVE-2026-4408
Description
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
46(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords44 versionspkg:rpm/almalinux/ctdbpkg:rpm/almalinux/ldb-toolspkg:rpm/almalinux/libldbpkg:rpm/almalinux/libldb-develpkg:rpm/almalinux/libnetapipkg:rpm/almalinux/libnetapi-develpkg:rpm/almalinux/libsmbclientpkg:rpm/almalinux/libsmbclient-develpkg:rpm/almalinux/libwbclientpkg:rpm/almalinux/libwbclient-develpkg:rpm/almalinux/python3-ldbpkg:rpm/almalinux/python3-sambapkg:rpm/almalinux/python3-samba-dcpkg:rpm/almalinux/python3-samba-develpkg:rpm/almalinux/python3-samba-testpkg:rpm/almalinux/sambapkg:rpm/almalinux/samba-clientpkg:rpm/almalinux/samba-client-libspkg:rpm/almalinux/samba-commonpkg:rpm/almalinux/samba-common-libspkg:rpm/almalinux/samba-common-toolspkg:rpm/almalinux/samba-dcerpcpkg:rpm/almalinux/samba-dc-libspkg:rpm/almalinux/samba-develpkg:rpm/almalinux/samba-gpupdatepkg:rpm/almalinux/samba-krb5-printingpkg:rpm/almalinux/samba-ldb-ldap-modulespkg:rpm/almalinux/samba-libspkg:rpm/almalinux/samba-pidlpkg:rpm/almalinux/samba-testpkg:rpm/almalinux/samba-test-libspkg:rpm/almalinux/samba-toolspkg:rpm/almalinux/samba-usersharespkg:rpm/almalinux/samba-vfs-iouringpkg:rpm/almalinux/samba-winbindpkg:rpm/almalinux/samba-winbind-clientspkg:rpm/almalinux/samba-winbind-krb5-locatorpkg:rpm/almalinux/samba-winbind-modulespkg:rpm/almalinux/samba-winexepkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/samba&distro=SUSE%20Linux%20Micro%206.2
< 4.19.4-16.el8_10+ 43 more
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.23.5-109.el10_2
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.19.4-16.el8_10
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.23.8+git.477.f78166bceed-1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
- (no CPE)range: < 4.22.9+git.506.22c03ce0781-160000.1.1
Patches
Vulnerability mechanics
References
7- access.redhat.com/security/cve/CVE-2026-4408nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- bugzilla.samba.org/show_bug.cginvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2026:22644nvdIssue Tracking
- access.redhat.com/errata/RHSA-2026:22963nvdIssue Tracking
- access.redhat.com/errata/RHSA-2026:25049nvd
- access.redhat.com/errata/RHSA-2026:25979nvd
News mentions
0No linked articles in our index yet.