Description
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
Published: 2026-06-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Samba’s WINS server, when Samba runs as an Active Directory Domain Controller, does not properly validate certain WINS request types. An unauthenticated remote attacker who can deliver crafted UDP packets to the WINS port can trigger a NULL pointer dereference that crashes the WINS service, taking down the WINS (NetBIOS) name resolution the domain controller provides. The CVSS vector (C:N/I:N/A:H) records no confidentiality or integrity impact; this is an availability flaw. The weakness is a classic NULL pointer dereference, CWE‑476.

Affected Systems

The CPE data on this page lists Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. A system is exposed only when its Samba build is unpatched, Samba is running in the Active Directory Domain Controller role, and WINS support is enabled (wins support = yes in smb.conf); WINS support is off by default, so a domain controller that never turned it on is not affected. The Advisories section also lists Debian (DSA-6297-1) and Ubuntu (USN-8306-1) updates, so the flaw is in upstream Samba rather than specific to Red Hat builds.

Risk and Exploitability

The CVSS 3.1 base score is 7.5 (High), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable over the network, low attack complexity, no privileges or user interaction, and availability impact only. EPSS is below 1% (Very Low) and the issue is not in CISA’s KEV catalog; the SSVC entry records no known exploitation but rates the flaw automatable. Because the attacker needs nothing more than the ability to send UDP packets to the WINS port (UDP 137, NetBIOS name service) of an exposed domain controller, the practical risk is a remotely triggerable outage of NetBIOS name resolution rather than data compromise.

Generated by OpenCVE AI on June 8, 2026 at 09:20 UTC.

Remediation

Vendor Workaround

As a workaround, deployments that do not strictly require Samba-provided WINS functionality should disable WINS support by removing the following line from the Samba configuration:

```
wins support = yes
```


OpenCVE Recommended Actions

  • Apply the latest Samba update that fixes the WINS protocol NULL pointer dereference; the Debian and Ubuntu advisories are listed under Advisories below.
  • If you cannot patch, disable WINS support: set "wins support = no" in the [global] section of smb.conf (or remove the line, since no is the default) and restart Samba. Do this only where no clients depend on Samba for WINS.
  • Restrict the WINS port (UDP 137, NetBIOS name service) with firewall rules so that only trusted hosts or subnets can reach the domain controller on it; this limits exposure both before and after patching.
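The vendor workaround above and the second recommended action both come down to one smb.conf parameter. The script below is an added example written for this page, not part of the OpenCVE entry or the Samba project: it checks whether a given smb.conf enables WINS the way Samba itself reads the file (parameter name case-insensitive, whitespace around the equals sign, yes/true/1 accepted, last occurrence wins, [global] only, comment lines starting with # or ;) and writes a copy with the setting forced to no. The file paths and the sample configuration are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the OpenCVE page or the Samba project): audit an
# smb.conf for the "wins support" workaround and produce a copy with WINS
# disabled. Paths and sample contents below are constructed.
set -eu

# wins_enabled FILE
# Prints "yes" if the [global] section of FILE enables "wins support", else "no".
# Samba ignores case in the parameter name and whitespace around "=", accepts
# yes/true/1 as true, honours the LAST occurrence, and treats the parameter as
# global-only, so a copy inside a share section does not count. Comment lines
# begin with "#" or ";".
wins_enabled() {
    awk '
        BEGIN { enabled = "no" }
        /^[ \t]*[#;]/ { next }                             # comment line
        /^[ \t]*\[/ {                                      # [section] header
            s = tolower($0); sub(/^[ \t]*\[/, "", s); sub(/].*$/, "", s)
            gsub(/[ \t]/, "", s); section = s; next
        }
        section == "global" && tolower($0) ~ /^[ \t]*wins[ \t]+support[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            enabled = (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
        }
        END { print enabled }
    ' "$1"
}

# disable_wins IN OUT
# Writes OUT as a copy of IN with every "wins support" line in [global]
# rewritten to "wins support = no" (Samba's default). Other lines are kept.
disable_wins() {
    awk '
        /^[ \t]*[#;]/ { print; next }
        /^[ \t]*\[/ {
            s = tolower($0); sub(/^[ \t]*\[/, "", s); sub(/].*$/, "", s)
            gsub(/[ \t]/, "", s); section = s; print; next
        }
        section == "global" && tolower($0) ~ /^[ \t]*wins[ \t]+support[ \t]*=/ {
            print "    wins support = no"; next
        }
        { print }
    ' "$1" > "$2"
}

# Constructed sample: an AD DC smb.conf with WINS turned on, using odd case and
# spacing on purpose so that a naive grep for "wins support = yes" misses it.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/smb.conf" <<'EOF'
[global]
    workgroup = EXAMPLE
    realm = AD.EXAMPLE.TEST
    server role = active directory domain controller
    # wins support = no
    WINS Support=Yes
[sysvol]
    path = /var/lib/samba/sysvol
    ; global-only parameter: Samba warns and ignores it in a share section
    wins support = yes
EOF

disable_wins "$SAMPLE_DIR/smb.conf" "$SAMPLE_DIR/smb.conf.fixed"
echo "before: wins enabled = $(wins_enabled "$SAMPLE_DIR/smb.conf")"
echo "after:  wins enabled = $(wins_enabled "$SAMPLE_DIR/smb.conf.fixed")"
```

Point it at /etc/samba/smb.conf on a domain controller to audit a real deployment. The commented-out line and the copy in [sysvol] are both reported as disabled, which matches how Samba reads the file. After installing a corrected configuration, restart the samba service so the running WINS task stops listening; the UDP 137 firewall restriction in the third action is independent of this and worth keeping even after patching.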

Generated by OpenCVE AI on June 8, 2026 at 09:20 UTC.

Advisories

Source       ID          Title
Debian DSA   DSA-6297-1  samba security update
Ubuntu USN   USN-8306-1  Samba vulnerabilities
History

Mon, 08 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
Title Samba: denial of service against ad dc wins server
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-476
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-08T08:29:25.265Z

Reserved: 2026-02-26T00:47:38.208Z

Link: CVE-2026-3238

Vulnrichment

Updated: 2026-06-08T12:58:14.841Z

NVD

Status: Received

Published: 2026-06-08T09:16:30.160

Modified: 2026-06-08T09:16:30.160

Link: CVE-2026-3238

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T09:30:20Z

Weaknesses