CVE-2026-4408: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Red Hat Enterprise Linux 10
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.
AI Analysis
Technical Summary
Red Hat Product Security issued an advisory (RHSA-2026:28132) for Samba addressing two remote code execution vulnerabilities: CVE-2026-4480 in the printing subsystem caused by unescaped job descriptions, and CVE-2026-4408 in the SAMR protocol. These vulnerabilities could allow an attacker to execute arbitrary code remotely. The advisory covers Red Hat Enterprise Linux 7 Extended Lifecycle Support variants. Red Hat has provided updated Samba packages to remediate these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on affected systems, potentially leading to full system compromise. The issues affect core Samba components responsible for file and printer sharing services, increasing the risk to systems running vulnerable versions.
Mitigation Recommendations
Red Hat has released official security updates for Samba in Red Hat Enterprise Linux 7 Extended Lifecycle Support to address these vulnerabilities. Users should apply the provided updates as detailed in Red Hat article 11258 to remediate the issues. Patch status is confirmed as fixed in the updated packages referenced in the advisory RHSA-2026:28132.
CVE-2026-4408: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.
CVSS v3.1
Score 9.0critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security issued an advisory (RHSA-2026:28132) for Samba addressing two remote code execution vulnerabilities: CVE-2026-4480 in the printing subsystem caused by unescaped job descriptions, and CVE-2026-4408 in the SAMR protocol. These vulnerabilities could allow an attacker to execute arbitrary code remotely. The advisory covers Red Hat Enterprise Linux 7 Extended Lifecycle Support variants. Red Hat has provided updated Samba packages to remediate these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on affected systems, potentially leading to full system compromise. The issues affect core Samba components responsible for file and printer sharing services, increasing the risk to systems running vulnerable versions.
Mitigation Recommendations
Red Hat has released official security updates for Samba in Red Hat Enterprise Linux 7 Extended Lifecycle Support to address these vulnerabilities. Users should apply the provided updates as detailed in Red Hat article 11258 to remediate the issues. Patch status is confirmed as fixed in the updated packages referenced in the advisory RHSA-2026:28132.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:28132
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-4480"]
- Cvss Version
- null
Threat ID: 6a3aab54eed863c81e3a3a30
Added to database: 06/23/2026, 15:50:44 UTC
Last enriched: 06/23/2026, 15:51:41 UTC
Last updated: 06/24/2026, 11:08:59 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.