Description
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
Published: 2026-05-27
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Samba’s handling of NTFS-style reparse points allows authenticated users who have filesystem write permissions to create or delete reparse point metadata even when a share is configured as read‑only. The missing SMB‑layer access checks enable these users to alter file system behavior seen over SMB, for example by converting files into symbolic links or other reparse point types, potentially compromising integrity and facilitating further attacks.

Affected Systems

The vulnerability affects multiple Red Hat distributions, including Red Hat Enterprise Linux 10, 6, 7, 8, 9, and Red Hat OpenShift Container Platform 4. All installations running the vulnerable Samba package are impacted, as no version‑specific patch information is provided.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity. EPSS is not available, making exploitation probability uncertain, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is network‑based SMB traffic; an attacker must authenticate to a read‑only share and also have underlying filesystem write access to manipulate reparse point metadata. This flaw allows unauthorized modification of SMB‑visible file behavior and may assist in privilege escalation or lateral movement within the network.

Generated by OpenCVE AI on May 27, 2026 at 16:16 UTC.

Remediation

Vendor Workaround

Administrators can mitigate this issue by ensuring users who access a read only = yes Samba share do not have filesystem-level write permission to the exported files. A server administrator may also monitor and remove unintended "user.SmbReparse" xattr (extended attributes) and the associated FILE_ATTRIBUTE_REPARSE_POINT "user.DosAttrib" bit metadata if exploitation is suspected.

OpenCVE Recommended Actions

  • Ensure that users who access read‑only Samba shares do not have filesystem‑level write permission to the exported files (CWE‑284 access control).
  • Monitor the filesystem for unexpected extended attributes such as user.SmbReparse or the FILE_ATTRIBUTE_REPARSE_POINT flag user.DosAttrib and remove them if found.
  • Apply the latest Samba update from Red Hat to address the missing access checks.

Generated by OpenCVE AI on May 27, 2026 at 16:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6297-1 samba security update
Ubuntu USN Ubuntu USN USN-8306-1 Samba vulnerabilities
History

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
Title Samba: missing access check on reparse point operations
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-284
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

Subscriptions

Redhat Enterprise Linux Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-27T14:41:01.347Z

Reserved: 2026-02-04T21:04:39.737Z

Link: CVE-2026-1933

cve-icon Vulnrichment

Updated: 2026-05-27T14:40:56.004Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:44.023

Modified: 2026-05-27T14:54:20.160

Link: CVE-2026-1933

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T12:08:33Z

Links: CVE-2026-1933 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T16:30:36Z

Weaknesses