CVE-2026-1933 - Vulnerability Details

- Samba: missing access check on reparse point operations

Description

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

Published: 2026-05-27

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in Samba’s handling of NTFS-style reparse points allows authenticated users who have filesystem write permissions to create or delete reparse point metadata even when a share is configured as read‑only. The missing SMB‑layer access checks enable these users to alter file system behavior seen over SMB, for example by converting files into symbolic links or other reparse point types, potentially compromising integrity and facilitating further attacks.

Affected Systems

The vulnerability affects multiple Red Hat distributions, including Red Hat Enterprise Linux 10, 6, 7, 8, 9, and Red Hat OpenShift Container Platform 4. All installations running the vulnerable Samba package are impacted, as no version‑specific patch information is provided.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity. The EPSS score of <1% suggests a very low probability that this vulnerability will be exploited in the wild, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is network‑based SMB traffic; an attacker must authenticate to a read‑only share and also have underlying filesystem write access to manipulate reparse point metadata. This flaw allows unauthorized modification of SMB‑visible file behavior and may assist in privilege escalation or lateral movement within the network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:4.23.5-109.el10_2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:4.19.4-16.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:4.19.4-16.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:4.23.5-10.el9_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:4.23.5-10.el9_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`0:4.21.3-14.el9_6.1`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat OpenShift Container Platform 4 affected —

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

No data.

Vendor Product Confidence Versions

Redhat

Enterprise Linux

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Openshift Container Platform

86%

Version	Status	Scheme	Platform
`—`	affected	—	—

Samba

80%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Workaround

Administrators can mitigate this issue by ensuring users who access a read only = yes Samba share do not have filesystem-level write permission to the exported files. A server administrator may also monitor and remove unintended "user.SmbReparse" xattr (extended attributes) and the associated FILE_ATTRIBUTE_REPARSE_POINT "user.DosAttrib" bit metadata if exploitation is suspected.

OpenCVE Recommended Actions

Ensure that users who access read‑only Samba shares do not have filesystem‑level write permission to the exported files (CWE‑284 access control).
Monitor the filesystem for unexpected extended attributes such as user.SmbReparse or the FILE_ATTRIBUTE_REPARSE_POINT flag user.DosAttrib and remove them if found.
Apply the latest Samba update from Red Hat to address the missing access checks.

Generated by OpenCVE AI on June 3, 2026 at 04:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6297-1	samba security update
Ubuntu USN	USN-8306-1	Samba vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00511.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:22644
https://access.redhat.com/errata/RHSA-2026:22963
https://access.redhat.com/errata/RHSA-2026:25049
https://access.redhat.com/errata/RHSA-2026:25979
https://access.redhat.com/security/cve/CVE-2026-1933
https://bugzilla.redhat.com/show_bug.cgi?id=2447317
https://bugzilla.samba.org/show_bug.cgi?id=15992
https://nvd.nist.gov/vuln/detail/CVE-2026-1933
https://www.cve.org/CVERecord?id=CVE-2026-1933

History

Tue, 16 Jun 2026 22:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2026:22644

Mon, 15 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::resilientstorage cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2026:25979

Wed, 10 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::resilientstorage cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:25049

Thu, 04 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.2
References		https://access.redhat.com/errata/RHSA-2026:22963

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:samba:samba:::::::: cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Sat, 30 May 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Container Platform Samba Samba samba
Vendors & Products		Redhat openshift Container Platform Samba Samba samba

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-1933 https://www.cve.org/CVERecord?id=CVE-2026-1933
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 27 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
Title		Samba: missing access check on reparse point operations
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-284
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2026-1933 https://bugzilla.redhat.com/show_bug.cgi?id=2447317 https://bugzilla.samba.org/show_bug.cgi?id=15992
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}`

Subscriptions

Redhat Enterprise Linux Openshift Openshift Container Platform Rhel Eus

Samba Samba

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-05-27T12:28:44.600Z

Updated: 2026-06-16T21:16:37.657Z

Reserved: 2026-02-04T21:04:39.737Z

Link: CVE-2026-1933

Vulnrichment

Updated: 2026-05-27T14:40:56.004Z

NVD

Status : Modified

Published: 2026-05-27T14:16:44.023

Modified: 2026-06-15T22:16:16.320

Link: CVE-2026-1933

Redhat

Severity : Important

Publid Date: 2026-05-27T12:08:33Z

Links: CVE-2026-1933 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-03T04:45:25Z

Weaknesses

CWE-284
Improper Access Control
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object