Critical Samba Security Update for Fedora 44 Addresses Multiple CVEs

Severity: High (Score: 72.8)

Sources: Linuxsecurity

Published: 2026-06-02 · Updated: 2026-06-02

Keywords: samba, update, security, fedora, remote, code, cve-2026-4480

Severity indicators: ot, CVE:CVE-2026-4480

Summary

On May 28, 2026, Fedora released an update to Samba 4.24.3, addressing several critical vulnerabilities including CVE-2026-4480, which allows remote code execution via the printing subsystem. Other vulnerabilities fixed include CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238, affecting various functionalities of Samba. The vulnerabilities were published between May 26 and May 28, 2026, with the most severe allowing attackers to execute arbitrary code. Users of Fedora 44 and FreeIPA are advised to update their systems immediately to mitigate these risks. The vulnerabilities were confirmed by multiple bug reports and are considered serious threats to system security. The update can be installed using the 'dnf' update program, with specific commands provided for users.

Key Points:

  • Fedora 44 users must update Samba to version 4.24.3 to patch critical vulnerabilities.
  • CVE-2026-4480 allows remote code execution through an unescaped job description in the printing subsystem.
  • Multiple CVEs were addressed in this update, highlighting significant security risks in Samba.

Detailed Analysis

**Impact** Fedora 44 users running Samba are affected by multiple critical vulnerabilities, including remote code execution risks. This impacts organizations relying on Samba for file and print services, potentially exposing printing subsystems, group policy certificate enrollment, and directory operations to exploitation. The scope includes all Fedora 44 deployments globally, particularly in sectors using Samba for network file sharing and identity management through FreeIPA. Data at risk includes sensitive print job data, directory structures, and certificate enrollment processes.

**Technical Details** The vulnerabilities include CVE-2026-4480 (remote code execution via unescaped print job descriptions), CVE-2026-2340 (vfs_worm directory modification bypass), CVE-2026-3012 (insecure HTTP usage in group policy certificate enrollment), CVE-2026-1933 (missing access checks on reparse points), CVE-2026-4408, and CVE-2026-3238. Attack vectors involve exploitation of Samba’s printing subsystem, file system virtual layers, and certificate enrollment mechanisms. No specific malware, tools, or IOCs are provided in the articles. The vulnerabilities affect multiple stages of the kill chain, including initial access and persistence.

**Recommended Response** Apply the Samba 4.24.3 update immediately using the Fedora advisory FEDORA-2026-7567819345 via the command `dnf upgrade --advisory FEDORA-2026-7567819345`. Rebuild dependent packages such as FreeIPA against the updated Samba version. Monitor network traffic for unusual print job submissions and unauthorized directory modifications. Harden configurations related to Samba printing and certificate enrollment processes. No additional IOCs or detection signatures are provided at this time.
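A post-upgrade check for the recommended response above, as an added example that is not part of the advisory or the source articles: it lists every installed package built from the samba source RPM and flags any whose version is below 4.24.3. The function names are hypothetical, and matching on a source RPM named `samba-<version>` is an assumption about Fedora's packaging.

```shell
#!/bin/sh
# Added example: confirm that installed Samba packages are at or above the
# fixed release named in the advisory text.
FIXED_VERSION="4.24.3"

# version_ge A B: succeeds when version A >= version B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read "name version" pairs on stdin and print one verdict per package.
audit_samba_packages() {
    while read -r name version; do
        [ -n "$name" ] || continue
        if version_ge "$version" "$FIXED_VERSION"; then
            echo "$name $version ok"
        else
            echo "$name $version needs-update"
        fi
    done
}

# List installed packages built from the samba source RPM. This catches
# library-only installs (for example on FreeIPA hosts) as well as servers.
# Prints nothing on systems without rpm.
installed_samba_packages() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -qa --queryformat '%{NAME} %{VERSION} %{SOURCERPM}\n' |
        awk '$3 ~ /^samba-[0-9]/ { print $1, $2 }'
}

installed_samba_packages | audit_samba_packages
```

Any `needs-update` line means the advisory has not been fully applied on that host; already-running Samba daemons keep the old code loaded until they are restarted.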

Source articles (2)

  • Fedora 44 FreeIPA Important Samba Remote Code Exec Fix 2026 — Linuxsecurity · 2026-06-02
    Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238 * Fri May 29 2026 Alexander Bokovoy - 4.13.1-12 - Rebuild against…
  • Fedora 44 Samba 4.24.3 Security Update Remote Code Execution CVE-2026 — Linuxsecurity · 2026-06-02
    Update to Samba 4.24.3 - Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238 * Thu May 28 2026 Günther Deschner - 2:4.24.3-1 - Update to Samba…

Timeline

  • 2026-05-26 — CVE-2026-4480 published: CVE-2026-4480 disclosed, allowing remote code execution in Samba's printing subsystem.
  • 2026-05-27 — CVE-2026-3012 and CVE-2026-1933 published: CVE-2026-3012 and CVE-2026-1933 published, affecting Samba's group policy and access checks.
  • 2026-05-27 — CVE-2026-2340 published: CVE-2026-2340 published, revealing a flaw in Samba's vfs_worm that does not block directory modifications.
  • 2026-05-28 — CVE-2026-4408 published: CVE-2026-4408 published, addressing a vulnerability in Samba's handling of access checks.
  • 2026-05-28 — Samba 4.24.3 released: Fedora released Samba 4.24.3 to address multiple critical vulnerabilities, urging users to update.

CVEs

  • CVE-2026-1933
  • CVE-2026-2340
  • CVE-2026-3012
  • CVE-2026-3238
  • CVE-2026-4408
  • CVE-2026-4480

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-78 - OS Command Injection (Cwe)
  • CWE-862 - Missing Authorization (Cwe)
  • Fedora (Company)
  • Samba (Platform)