Samba Vulnerability Allows Information Disclosure
Summary
CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.
What changed
CERT-Bund has released an advisory (WID-SEC-2026-0780) detailing a medium-severity vulnerability in Samba, a popular open-source software suite for SMB/CIFS file and print services. The vulnerability, affecting versions prior to 4.24.0, allows a local attacker to exploit an information disclosure flaw. The CVSS Base Score is 5.5, with a Temporal Score of 4.8.
Organizations utilizing affected Samba versions, particularly those running on UNIX-like operating systems, should prioritize patching or applying mitigations. While the advisory does not specify a compliance deadline, prompt remediation is advised to prevent unauthorized information disclosure and potential further security breaches. Failure to address this vulnerability could lead to sensitive data exposure.
What to do next
- Update Samba to version 4.24.0 or later
- Apply available security patches and mitigations
- Review system logs for signs of exploitation
Source document (simplified)
[WID-SEC-2026-0780] Samba: Vulnerability allows information disclosure
- CVSS Base Score: 5.5 (medium)
- CVSS Temporal Score: 4.8 (medium)
- Remote attack: no
- Date: 18.03.2026
- Last updated: 19.03.2026
- Mitigation: yes
Affected systems
Operating system
- Other
- UNIX
Product description
Samba is an open-source software suite that implements print and file services for SMB/CIFS clients.
Products
18.03.2026
- Open Source Samba <4.24.0
Attack
A local attacker can exploit a vulnerability in Samba to disclose information.