Critical Samba Vulnerabilities Affect Multiple Ubuntu Releases
Severity: High (Score: 72.8)
Sources: Ubuntu, launchpad.net, Linuxsecurity
Summary
On May 26, 2026, multiple vulnerabilities in Samba were disclosed, affecting Ubuntu 24.04 LTS, 25.10, and 26.04 LTS. Key issues include improper handling of access checks on reparse point operations (CVE-2026-1933), which could allow modification of read-only files, and a failure to block file overwrites in Samba's vfs_worm module (CVE-2026-2340). Additionally, a machine-in-the-middle attack could exploit Samba's handling of certificate auto-enrolment group policies (CVE-2026-3012). A denial of service vulnerability was also identified in Samba's Active Directory Domain Controller (CVE-2026-3238). Users are advised to update their systems to mitigate these risks. The vulnerabilities are considered critical due to their potential impact on system integrity and security.

Key Points:
- Samba vulnerabilities affect Ubuntu 24.04 LTS, 25.10, and 26.04 LTS.
- CVE-2026-1933 allows modification of read-only files via improper access checks.
- Immediate updates are recommended to address these critical vulnerabilities.
Detailed Analysis
**Impact**

Multiple Ubuntu releases are affected, specifically Ubuntu 24.04 LTS, 25.10, 26.04 LTS, and 22.04 LTS, impacting organizations using Samba for SMB/CIFS services. The vulnerabilities allow unauthorized modification of read-only files, overwriting immutable files, installation of malicious CA certificates via MITM attacks, denial of service, and remote code execution. This affects sectors relying on Ubuntu servers for file sharing and Active Directory services, potentially compromising data integrity, availability, and trust in certificate-based authentication.

**Technical Details**

Exploits target Samba components including reparse point access checks (CVE-2026-1933), vfs_worm module file overwrite protections (CVE-2026-2340), certificate auto-enrolment over HTTP without verification (CVE-2026-3012), Active Directory Domain Controller WINS server (CVE-2026-3238), DCE/RPC SAMR server password check scripts (CVE-2026-4408), and printing subsystem command handling (CVE-2026-4480). Attack vectors include local and remote exploitation, machine-in-the-middle attacks, and crafted network requests causing denial of service or arbitrary code execution. No specific malware or IOCs were provided.

**Recommended Response**

Apply the updated Samba packages immediately: Ubuntu 26.04 LTS (2:4.23.6+dfsg-1ubuntu2.1), Ubuntu 25.10 (2:4.22.3+dfsg-4ubuntu2.4), Ubuntu 24.04 LTS (2:4.19.5+dfsg-4ubuntu9.6), and Ubuntu 22.04 LTS (2:4.15.13+dfsg-0ubuntu1.12). Monitor network traffic for unusual SMB activity and verify certificate auto-enrolment processes. Harden configurations by restricting Samba access and disabling non-default scripts or print commands where possible. No additional IOCs or detection signatures were provided.
Source articles (3)
- USN-8306-1: Samba vulnerabilities — Ubuntu · 2026-05-26
  Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on…
- Ubuntu 26.04 LTS Samba Critical Update Denial of Service USN-8306 — Linuxsecurity · 2026-05-26
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS. Summary: Several security issues were fixed in Samba. Sof…
- Samba — launchpad.net · 2026-05-26
  ctdb: clustered database to store temporary data; ctdb-dbgsym: debug symbols for ctdb; ldb-tools: LDAP-like embedded database - tools; ldb-tools-dbgsym: debug symbols for ldb-tools; libldb-dev: LDAP-like…
Timeline
- 2026-05-26 — Samba vulnerabilities disclosed: Multiple vulnerabilities in Samba were disclosed, affecting several Ubuntu versions and allowing potential file manipulation and denial of service.
- 2026-05-26 — Critical update released for Ubuntu: Ubuntu released updates to address critical vulnerabilities in Samba, urging users to apply them immediately.
- 2026-05-26 — CVE-2026-4480 published: CVE-2026-4480 was published, detailing a critical vulnerability in Samba affecting multiple Ubuntu releases.
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- Man-in-the-Middle (Attack Type)
- HTTP (Platform)
- Linux (Platform)
- Samba (Platform)
- SMB/CIFS (Platform)
- Ubuntu (Company)