SMB vulnerabilities

Showing 1 - 39 of 39 CVEs

  1. CVE-2026-26128 Published Mar 10, 2026

    Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

  2. CVE-2026-24294 Published Mar 10, 2026

    Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

  3. CVE-2026-23228 Published Feb 18, 2026

    In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter. Replace free_transport() with ksmbd_tcp_disconnect().

  4. CVE-2026-20934 Published Jan 13, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  5. CVE-2026-20926 Published Jan 13, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  6. CVE-2026-20921 Published Jan 13, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  7. CVE-2026-20919 Published Jan 13, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  8. CVE-2026-20848 Published Jan 13, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  9. CVE-2025-55234 Published Sep 9, 2025

    SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.

  10. CVE-2025-33073 Published Jun 10, 2025

    Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

  11. CVE-2025-24054 Published Mar 11, 2025

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

  12. CVE-2024-56627 Published Dec 27, 2024

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

  13. CVE-2024-56626 Published Dec 27, 2024

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf.

  14. CVE-2024-43642 Published Nov 12, 2024

    Windows SMB Denial of Service Vulnerability

  15. CVE-2024-43532 Published Oct 8, 2024

    Remote Registry Service Elevation of Privilege Vulnerability

  16. CVE-2024-26245 Published Apr 9, 2024

    Windows SMB Elevation of Privilege Vulnerability

  17. CVE-2023-6606 Published Dec 8, 2023

    An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

  18. CVE-2023-32254 Published Jul 10, 2023

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

  19. CVE-2023-23397 Published Mar 14, 2023

    Microsoft Outlook Elevation of Privilege Vulnerability

  20. CVE-2022-45141 Published Mar 6, 2023

    Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

  21. CVE-2022-38023 Published Nov 9, 2022

    Netlogon RPC Elevation of Privilege Vulnerability

  22. CVE-2022-37967 Published Nov 9, 2022

    Windows Kerberos Elevation of Privilege Vulnerability

  23. CVE-2022-37966 Published Nov 9, 2022

    Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

  24. CVE-2022-37958 Published Sep 13, 2022

    SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

  25. CVE-2022-35804 Published Aug 9, 2022

    SMB Client and Server Remote Code Execution Vulnerability

  26. CVE-2022-32230 Published Jun 14, 2022

    Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

  27. CVE-2022-26809 Published Apr 15, 2022

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  28. CVE-2022-24500 Published Apr 15, 2022

    Windows SMB Remote Code Execution Vulnerability

  29. CVE-2022-24508 Published Mar 9, 2022

    Win32 File Enumeration Remote Code Execution Vulnerability

  30. CVE-2021-44142 Published Feb 21, 2022

    The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

  31. CVE-2021-36958 Published Aug 12, 2021

    <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>

  32. CVE-2021-36934 Published Jul 22, 2021

    <p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>

  33. CVE-2021-34527 Published Jul 2, 2021

    <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p> <p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p> <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> <p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p> <p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p> <p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>

  34. CVE-2021-28324 Published Apr 13, 2021

    Windows SMB Information Disclosure Vulnerability

  35. CVE-2021-21469 Published Jan 12, 2021

    When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

  36. CVE-2020-17026 Published Nov 11, 2020

    Windows Remote Access Elevation of Privilege Vulnerability

  37. CVE-2020-1013 Published Sep 11, 2020

    <p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.</p> <p>To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user.</p> <p>The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.</p>

  38. CVE-2020-1301 Published Jun 9, 2020

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

  39. CVE-2020-0796 Published Mar 12, 2020

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.