CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-4408 — A flaw was found in Samba. A remote attacker can exploit a misconfiguration in S...

·Source: NIST NVD

Updated:

Executive Summary

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execu

Analysis

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service. CVSS Score: 9. Published: 2026-05-28T09:16:47.643.

Indicators of Compromise (1)

CVE (1)
CVE-2026-4408
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 28, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

CVE-2026-0257
BleepingComputer
CRITICALVulnerabilityPOC

Exploit Code Published for Critical Flowise RCE Vulnerability

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek .

CVE-2026-40933
SecurityWeek
LOWVulnerability

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]

BleepingComputer