CVE-2026-4480— Samba: samba: remote code execution in printing subsystem via unescaped job description
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterAffected Version Matrix 7
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | unknown |
any | unknown | ||
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
| Red Hat | Red Hat OpenShift Container Platform 4 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4480
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Samba: samba: remote code execution in printing subsystem via unescaped job description
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-4480
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4480
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-4480 (1)
Vendor Advisories for CVE-2026-4480 (1)
Other References for CVE-2026-4480 (1)
Same Patch Batch · Red Hat · 2026-05-26 · 7 CVEs total
| CVE-2026-7374 | 9.9 CRITICAL | Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink foll |
| CVE-2026-42013 | 8.2 HIGH | Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name |
| CVE-2026-5260 | 8.2 HIGH | Gnutls: gnutls: information disclosure via heap overread in rsa key exchange |
| CVE-2026-48864 | 7.8 HIGH | Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of mali |
| CVE-2026-42012 | 7.1 HIGH | Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans |
| CVE-2026-42015 | 5.3 MEDIUM | Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-3012
Samba: group policy certificate enrollment uses http:// with - CVE-2026-48864
Libsolv: heap buffer overflow in libsolv repopagestore via u - CVE-2026-9149
Libsolv: heap buffer overflow in libsolv repo_add_solv via n - CVE-2026-9150
Libsolv: stack-based buffer overflow in libsolv's debian met - CVE-2026-4802
Cockpit: cockpit: arbitrary command execution via crafted li
Same vendor: Red Hat
- CVE-2026-3012
Samba: group policy certificate enrollment uses http:// with - CVE-2026-42015
Gnutls: gnutls: memory corruption due to off-by-one error in - CVE-2026-42013
Gnutls: gnutls: certificate validation bypass due to oversiz - CVE-2026-42012
Gnutls: gnutls: certificate validation bypass due to imprope - CVE-2026-5260
Gnutls: gnutls: information disclosure via heap overread in
Same weakness: CWE-78
- CVE-2026-40852
Command injection via malicious configuration - CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command - CVE-2026-9207
Command Injection in Connect Allows Privilege Escalation on - CVE-2026-44444
Lumiverse: Spindle extension install runs untrusted lifecycl - CVE-2026-9560
OpenVPN Connect macOS 3.5.1-3.8.1权限提升漏洞
V. Comments for CVE-2026-4480
No comments yet