Description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Published: 2026-05-26
Score: 9 Critical
EPSS: 12.8% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Samba printing subsystem allows a remote attacker to inject shell metacharacters through the job description field, leading to remote code execution. The job description is passed to the system’s print command via the "%J" placeholder without proper escaping, creating a command injection vulnerability classified as CWE-78. An attacker who submits a print job containing forged shell characters can cause arbitrary code to execute on the host with the privileges of the Samba service, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

The vulnerability affects Samba installations on Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10, as well as Red Hat OpenShift Container Platform 4. No specific Samba version numbers are listed, but all affected distributions ship the vulnerable code path.

Risk and Exploitability

The CVSS score of 9 indicates a high severity vulnerability, and the EPSS score of 13% suggests a relatively high likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be network-based: an adversary who can interact with the Samba service (e.g., via SMB) can send a crafted print job to trigger the command injection and achieve code execution on the host as the user running Samba.

Generated by OpenCVE AI on June 24, 2026 at 13:14 UTC.

Remediation

Vendor Workaround

Remove ```"%J"``` from the "print command" in ```smb.conf``` entry.


OpenCVE Recommended Actions

  • Apply the latest Red Hat system update that patches the Samba printing subsystem
  • Remove "%J" from the "print command" setting in smb.conf
  • Restrict or disable the Samba printing service if a patch is not immediately available

Generated by OpenCVE AI on June 24, 2026 at 13:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6297-1 samba security update
Ubuntu USN Ubuntu USN USN-8306-1 Samba vulnerabilities
History

Tue, 23 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:9.4::appstream
cpe:/a:redhat:rhel_e4s:9.4::resilientstorage
cpe:/o:redhat:enterprise_linux:7::server
cpe:/o:redhat:rhel_e4s:9.4::baseos
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Tue, 23 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:enterprise_linux_eus:10.0
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat enterprise Linux Eus
Redhat rhel E4s
Redhat rhel Tus
References

Tue, 23 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Mon, 15 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/a:redhat:rhel_eus:9.6::crb
cpe:/a:redhat:rhel_eus:9.6::resilientstorage
cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products Redhat rhel Eus
References

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::resilientstorage
cpe:/o:redhat:enterprise_linux:9::baseos
References

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 03 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:8::baseos
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Mon, 01 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Samba
Samba samba
Vendors & Products Redhat openshift Container Platform
Samba
Samba samba

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Title Samba: samba: remote code execution in printing subsystem via unescaped job description
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-78
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Redhat Enterprise Linux Enterprise Linux Eus Openshift Openshift Container Platform Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus
Samba Samba
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T12:10:41.327Z

Reserved: 2026-03-19T21:17:35.193Z

Link: CVE-2026-4480

cve-icon Vulnrichment

Updated: 2026-06-30T03:18:59.706Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T15:16:40.937

Modified: 2026-06-17T10:56:40.373

Link: CVE-2026-4480

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T13:43:46Z

Links: CVE-2026-4480 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:15:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')