Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-3238— Samba: denial of service against ad dc wins server

CVSS 7.5 · High EPSS 2.67% · P84

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 7

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-3238

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Samba: denial of service against ad dc wins server
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Samba 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Samba是Samba开源的一个适用于 Linux 和 Unix 的标准 Windows 互操作性程序套件。 Samba存在代码问题漏洞,该漏洞源于作为Active Directory域控制器运行时,WINS协议处理程序未正确验证传入数据包,允许未经身份验证的远程攻击者通过特制UDP数据包触发空指针取消引用并导致WINS服务崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Enterprise Linux 10-cpe:/o:redhat:enterprise_linux:10
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
Red HatRed Hat OpenShift Container Platform 4-cpe:/a:redhat:openshift:4

II. Public POCs for CVE-2026-3238

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-3238

登录查看更多情报信息。

Vendor Advisories for CVE-2026-3238 (3)

Same Patch Batch · Red Hat · 2026-06-08 · 3 CVEs total

CVE-2026-116116.5 MEDIUM389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
CVE-2026-115695.4 MEDIUMQuay: quay: stored xss via filedrop svg upload

IV. Related Vulnerabilities

V. Comments for CVE-2026-3238

No comments yet


Leave a comment