smb/client: fix out-of-bounds read in smb2_compound_op()
CVE-2026-46155 is a vulnerability in Microsoft products involving an out-of-bounds read in the smb2_compound_op() function. The vulnerability affects Microsoft and Azure Linux versions 3. 0. No CVSS score or detailed impact information is provided. There are no known exploits in the wild, and no patch or remediation details are currently available. The vendor advisory does not specify a fix or mitigation. The vulnerability relates to SMB client functionality and could potentially lead to memory safety issues.
AI Analysis
Technical Summary
This vulnerability involves an out-of-bounds read in the smb2_compound_op() function within Microsoft and Azure Linux 3.0 SMB client implementations. The out-of-bounds read could cause improper memory access, potentially leading to application crashes or information disclosure. No further technical details, CVSS score, or exploit information is provided in the available data. The vendor advisory from Microsoft Security Response Center does not include patch or mitigation information at this time.
Potential Impact
The impact is currently unclear due to lack of detailed information and absence of a CVSS score. Out-of-bounds reads can lead to application instability or information disclosure, but no known exploits or confirmed impact scenarios are reported. Without vendor guidance, the exact risk level remains uncertain.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No official fix or mitigation instructions are provided in the available data. Users should monitor vendor communications for updates.
smb/client: fix out-of-bounds read in smb2_compound_op()
Description
CVE-2026-46155 is a vulnerability in Microsoft products involving an out-of-bounds read in the smb2_compound_op() function. The vulnerability affects Microsoft and Azure Linux versions 3. 0. No CVSS score or detailed impact information is provided. There are no known exploits in the wild, and no patch or remediation details are currently available. The vendor advisory does not specify a fix or mitigation. The vulnerability relates to SMB client functionality and could potentially lead to memory safety issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an out-of-bounds read in the smb2_compound_op() function within Microsoft and Azure Linux 3.0 SMB client implementations. The out-of-bounds read could cause improper memory access, potentially leading to application crashes or information disclosure. No further technical details, CVSS score, or exploit information is provided in the available data. The vendor advisory from Microsoft Security Response Center does not include patch or mitigation information at this time.
Potential Impact
The impact is currently unclear due to lack of detailed information and absence of a CVSS score. Out-of-bounds reads can lead to application instability or information disclosure, but no known exploits or confirmed impact scenarios are reported. Without vendor guidance, the exact risk level remains uncertain.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No official fix or mitigation instructions are provided in the available data. Users should monitor vendor communications for updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-46155
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a19fed0e29bf47b500fe3bb
Added to database: 5/29/2026, 9:02:08 PM
Last enriched: 5/29/2026, 9:13:43 PM
Last updated: 5/31/2026, 4:43:23 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.