CVE-2026-4480

🟠 Łataj w tym tygodniu

Luka w systemie drukowania Samba umożliwia zdalne wykonanie kodu przez złośliwe opisy zadań.

CVSS

9.0

EPSS

12.8%

Exploit

none

Vendor

redhat

Opis źródłowy (NVD)

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

rce Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.0
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	12.8%
Opublikowano (NVD)	2026-05-26 15:16:40 UTC
Ostatnia modyfikacja (NVD)	2026-06-23 08:16:25 UTC

Referencje

https://access.redhat.com/errata/RHSA-2026:22644 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:22963 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:25049 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:25979 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28053 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28054 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28055 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28056 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28057 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28058 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:28132 (secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2026-4480 (secalert@redhat.com) [Mitigation, Third Party Advisory]
https://bugzilla.redhat.com/show_bug.cgi?id=2452232 (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
https://bugzilla.samba.org/show_bug.cgi?id=16033 (secalert@redhat.com) [Issue Tracking, Vendor Advisory]