Description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Published: 2026-05-26
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Samba printing subsystem allows a remote attacker to inject shell metacharacters through the job description field. The job description is passed to the system’s print command via the "%J" placeholder without proper escaping, creating a command injection vulnerability. An attacker who submits a print job containing forged shell characters can cause arbitrary code to execute on the host with the privileges of the Samba service, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

The vulnerability affects Samba installations on Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10, as well as the Red Hat OpenShift Container Platform 4. No specific Samba version numbers are listed, but all affected distributions ship the vulnerable code path.

Risk and Exploitability

The CVSS score of 9 indicates a high severity vulnerability, but the EPSS score is < 1%, indicating limited publicly known exploitation activity. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is inferred to be network-based: an adversary who can interact with the Samba service (e.g., via SMB) can send a crafted print job to trigger the injection. If exploited, the attacker gains code execution on the host as the user running Samba.

Generated by OpenCVE AI on June 3, 2026 at 12:24 UTC.

Remediation

Vendor Workaround

Remove ```"%J"``` from the "print command" in ```smb.conf``` entry.

OpenCVE Recommended Actions

  • Apply the latest Red Hat system update that patches the Samba printing subsystem
  • Repair the smb.conf configuration by removing the "%J" placeholder from the "print command" setting
  • Restrict or disable the Samba printing service if a patch is not immediately available

Generated by OpenCVE AI on June 3, 2026 at 12:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6297-1 samba security update
Ubuntu USN Ubuntu USN USN-8306-1 Samba vulnerabilities
History

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::resilientstorage
cpe:/o:redhat:enterprise_linux:9::baseos
References

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 03 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:8::baseos
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Mon, 01 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Samba
Samba samba
Vendors & Products Redhat openshift Container Platform
Samba
Samba samba

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Title Samba: samba: remote code execution in printing subsystem via unescaped job description
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-78
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux Openshift Openshift Container Platform
Samba Samba
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-10T15:32:05.727Z

Reserved: 2026-03-19T21:17:35.193Z

Link: CVE-2026-4480

cve-icon Vulnrichment

Updated: 2026-05-26T15:08:51.431Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T15:16:40.937

Modified: 2026-06-10T16:17:13.213

Link: CVE-2026-4480

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T13:43:46Z

Links: CVE-2026-4480 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T12:30:26Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')