CVE-2026-3012: Insufficient Verification of Data Authenticity in Red Hat Red Hat Enterprise Linux 10
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
AI Analysis
Technical Summary
This vulnerability involves Samba's handling of certificate auto-enrollment Group Policy in Red Hat Enterprise Linux 10. Specifically, when certificate auto-enrollment is enabled, Samba may fetch a CA certificate via an unencrypted HTTP connection and install it into the local trust store without adequate verification. An attacker capable of intercepting or redirecting network traffic could exploit this to introduce a malicious CA certificate, potentially compromising trusted communications by enabling interception or spoofing. The CVSS v3.1 score is 8.0, indicating high severity with network attack vector requiring high attack complexity and no privileges or user interaction needed. The vendor advisory does not currently specify an available patch or remediation.
Potential Impact
Successful exploitation could allow an attacker with network interception capabilities to insert a malicious CA certificate into the local trust store. This could lead to interception or spoofing of communications that rely on trusted certificates, compromising confidentiality and integrity. There is no indication of availability impact. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-3012 for current remediation guidance. Until a fix is available, consider disabling certificate auto-enrollment in Samba if feasible or restricting network paths to prevent interception or redirection of HTTP traffic used for certificate retrieval.
CVE-2026-3012: Insufficient Verification of Data Authenticity in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
CVSS v3.1
Score 8.0high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves Samba's handling of certificate auto-enrollment Group Policy in Red Hat Enterprise Linux 10. Specifically, when certificate auto-enrollment is enabled, Samba may fetch a CA certificate via an unencrypted HTTP connection and install it into the local trust store without adequate verification. An attacker capable of intercepting or redirecting network traffic could exploit this to introduce a malicious CA certificate, potentially compromising trusted communications by enabling interception or spoofing. The CVSS v3.1 score is 8.0, indicating high severity with network attack vector requiring high attack complexity and no privileges or user interaction needed. The vendor advisory does not currently specify an available patch or remediation.
Potential Impact
Successful exploitation could allow an attacker with network interception capabilities to insert a malicious CA certificate into the local trust store. This could lead to interception or spoofing of communications that rely on trusted certificates, compromising confidentiality and integrity. There is no indication of availability impact. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-3012 for current remediation guidance. Until a fix is available, consider disabling certificate auto-enrollment in Samba if feasible or restricting network paths to prevent interception or redirection of HTTP traffic used for certificate retrieval.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-02-23T07:08:58.479Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-3012","vendor":"Red Hat"}]
Threat ID: 6a16c886e29bf47b50b1dae9
Added to database: 5/27/2026, 10:33:42 AM
Last enriched: 5/27/2026, 11:03:51 AM
Last updated: 5/29/2026, 6:24:01 PM
Views: 36
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.