CVE-2026-3012— Samba: group policy certificate enrollment uses http:// without validation
Possible ATT&CK Techniques 2AI
T1555 · Credentials from Password Stores T1557.002 · ARP Cache PoisoningGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3012
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Samba: group policy certificate enrollment uses http:// without validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-3012
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3012
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-3012 (1)
Vendor Advisories for CVE-2026-3012 (1)
- 🔗 2447319 – (CVE-2026-3012) CVE-2026-3012 samba: group policy certificate enrollment uses http:// without validation Read full article issue-trackingx_refsource_REDHAT
Other References for CVE-2026-3012 (1)
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-48864
Libsolv: heap buffer overflow in libsolv repopagestore via u - CVE-2026-4480
Samba: samba: remote code execution in printing subsystem vi - CVE-2026-9149
Libsolv: heap buffer overflow in libsolv repo_add_solv via n - CVE-2026-9150
Libsolv: stack-based buffer overflow in libsolv's debian met - CVE-2026-4802
Cockpit: cockpit: arbitrary command execution via crafted li
Same vendor: Red Hat
- CVE-2026-9689
Keycloak: org.keycloak.protocol.oidc: http parameter polluti - CVE-2026-42013
Gnutls: gnutls: certificate validation bypass due to oversiz - CVE-2026-42015
Gnutls: gnutls: memory corruption due to off-by-one error in - CVE-2026-42012
Gnutls: gnutls: certificate validation bypass due to imprope - CVE-2026-5260
Gnutls: gnutls: information disclosure via heap overread in
Same weakness: CWE-345
- CVE-2026-41164
nuts-node: JWT type confusion in v1 access token introspecti - CVE-2026-25602
Mesalvo Meona Client Launcher Component和Mesalvo Meona Server - CVE-2026-44308
Spring Cloud AWS: Missing SNS message signature verification - CVE-2026-44999
OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated C - CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX
V. Comments for CVE-2026-3012
No comments yet