Vulnerability in Samba's vfs_worm Module Affects File Protection Mechanism
CVE-2026-2340

6.5MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Vendor
CVE Published:
27 May 2026

What is CVE-2026-2340?

A vulnerability in the vfs_worm module of Samba allows authenticated users with write access to bypass write-once, read-many (WORM) protections. This flaw arises from insufficient validation during rename operations, enabling an attacker to overwrite a protected file by renaming a newly created file to match the name of the existing WORM-protected file. This compromise can lead to unauthorized modifications and potential data integrity risks, highlighting the need for timely patching and validation mechanisms to safeguard against such issues.

Affected Version(s)

Red Hat Enterprise Linux 10 0:4.23.5-109.el10_2

Red Hat Enterprise Linux 10.0 Extended Update Support 0:4.21.3-114.el10_0.1

Red Hat Enterprise Linux 8 0:4.19.4-16.el8_10

References

https://access.redhat.com/errata/RHSA-2026:22644
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22963
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25049
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Pavel Kohout (Aisle Research) for reporting this issue.
.