{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1933", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-04T21:04:39.737Z", "datePublished": "2026-05-27T12:28:44.600Z", "dateUpdated": "2026-06-03T23:47:43.854Z"}, "containers": {"cna": {"title": "Samba: missing access check on reparse point operations", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba\u2019s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "versions": [{"version": "0:4.23.5-109.el10_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.2"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba4", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "samba", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:22963", "name": "RHSA-2026:22963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1933", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447317", "name": "RHBZ#2447317", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15992"}], "datePublic": "2026-05-27T12:08:33.095Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-284: Improper Access Control", "workarounds": [{"lang": "en", "value": "Administrators can mitigate this issue by ensuring users who access a read only = yes Samba share do not have filesystem-level write permission to the exported files.\n\nA server administrator may also monitor and remove unintended \"user.SmbReparse\" xattr (extended attributes) and the associated FILE_ATTRIBUTE_REPARSE_POINT \"user.DosAttrib\" bit metadata if exploitation is suspected."}], "timeline": [{"lang": "en", "time": "2026-03-13T08:29:39.852Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-27T12:08:33.095Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-03T23:47:43.854Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-27T14:40:45.546157Z", "id": "CVE-2026-1933", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T14:41:01.347Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-27T14:40:45.546157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T14:40:56.004Z"}}], "cna": {"title": "Samba: missing access check on reparse point operations", "credits": [{"lang": "en", "value": "Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:4.23.5-109.el10_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "samba4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "samba", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-13T08:29:39.852Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-27T12:08:33.095Z", "value": "Made public."}], "datePublic": "2026-05-27T12:08:33.095Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:22963", "name": "RHSA-2026:22963", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1933", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447317", "name": "RHBZ#2447317", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15992"}], "workarounds": [{"lang": "en", "value": "Administrators can mitigate this issue by ensuring users who access a read only = yes Samba share do not have filesystem-level write permission to the exported files.\n\nA server administrator may also monitor and remove unintended \"user.SmbReparse\" xattr (extended attributes) and the associated FILE_ATTRIBUTE_REPARSE_POINT \"user.DosAttrib\" bit metadata if exploitation is suspected."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Samba\u2019s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Control"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-03T23:47:43.854Z"}, "x_redhatCweChain": "CWE-284: Improper Access Control"}}, "cveMetadata": {"cveId": "CVE-2026-1933", "state": "PUBLISHED", "dateUpdated": "2026-06-03T23:47:43.854Z", "dateReserved": "2026-02-04T21:04:39.737Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-05-27T12:28:44.600Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "885550D7-888E-447A-9658-763D1C0348EA", "versionEndExcluding": "4.2.2", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba\u2019s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types."}], "id": "CVE-2026-1933", "lastModified": "2026-06-04T00:16:59.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-05-27T14:16:44.023", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:22963"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-1933"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447317"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15992"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue.", "bugzilla": {"description": "samba: Missing access check on reparse point operations", "id": "2447317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447317"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-284", "details": ["A flaw was found in Samba\u2019s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types."], "mitigation": {"lang": "en:us", "value": "Administrators can mitigate this issue by ensuring users who access a read only = yes Samba share do not have filesystem-level write permission to the exported files.\nA server administrator may also monitor and remove unintended \"user.SmbReparse\" xattr (extended attributes) and the associated FILE_ATTRIBUTE_REPARSE_POINT \"user.DosAttrib\" bit metadata if exploitation is suspected."}, "name": "CVE-2026-1933", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-05-27T12:08:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1933\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1933\nhttps://bugzilla.samba.org/show_bug.cgi?id=15992"], "statement": "This vulnerability is rated Important severity by Red Hat Product Security, because authenticated users with filesystem-level write permissions may bypass Samba\u2019s SMB-layer read-only protections for reparse point operations.\nThe flaw affects shares configured with \"read only = yes\", where Samba failed to properly enforce access checks when setting or deleting reparse point metadata. An attacker with existing write permissions on the underlying filesystem may manipulate SMB reparse point metadata to alter how files are presented to SMB clients, including converting files into symbolic links.\nThe vulnerability does not bypass underlying filesystem access controls or grant additional operating system privileges. However, successful exploitation may significantly disrupt file access for users of the affected share, including making large portions of a shared filesystem unavailable through widespread reparse point modification. Because the attack requires authenticated access and existing filesystem write permissions, Privileges Required are assessed as Low (PR:L).\n```\nThis vulnerability affects Samba versions beginning with the introduction of NTFS-style reparse point support in Samba 4.21.\n```", "threat_severity": "Important"}