AI description
CVE-2026-4480 describes a vulnerability found within the Samba printing subsystem. This flaw arises because Samba transmits the client-controlled job description string to the command configured by the "print command" setting, utilizing the "%J" substitution character, without adequately escaping shell meta characters. Consequently, a remote attacker can exploit this vulnerability by submitting a specially crafted print job description that incorporates unescaped shell characters. This action could lead to remote code execution on the affected system.
- Description
- A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
- Source
- secalert@redhat.com
- NVD status
- Modified
- Products
- openshift_container_platform, samba, enterprise_linux
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- secalert@redhat.com
- CWE-78
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos Samba ❗ CVE-2026-4480 ❗ CVE-2026-4408 ❗ CVE-2026-3012 ➡️ Más info: https://t.co/B1yfTtTuWW https://t.co/tDy1a4OFXL
@CERTpy
3 Jun 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Sambaに2件の致命的な脆弱性-CVE-2026-4408とCVE-2026-4480|セキュリティ対策Lab https://t.co/xX9BTAA1fc "CVSS 10.0と評価された2件の認証不要リモートコード実行な脆弱性です。CVE-2026-4480はSambaの印刷サブシステム、CVE-2026-4408
@catnap707
2 Jun 2026
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Sambaに2件の致命的な脆弱性-CVE-2026-4408とCVE-2026-4480 https://t.co/MChVczM4fZ #セキュリティ対策Lab #security #securitynews
@securityLab_jp
2 Jun 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SambaがCVSSスコア10の脆弱性2件を修正。印刷サブシステムのCVE-2026-4480とパスワード検証のCVE-2026-4408。その他、高深刻度のもの2件を含む複数の脆弱性も修正されている。 https://t.co/Zf5ERcKYKr
@__kokumoto
29 May 2026
809 Impressions
0 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Warning: #Samba has released a security bulletin covering six #CVEs including #CVE-2026-4480 (CVSS:10.0) and #CVE-2026-4408 (CVSS:10.0). Both lead to Remote Code Execution #RCE. Find out more at https://t.co/8k3sdo9b6e #Patch #Patch #Patch
@CCBalert
27 May 2026
220 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA99680-067D-486E-B752-6D5239C3E4FB",
"versionEndExcluding": "4.2.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]