Samba Printing Subsystem Vulnerability in Samba Software
CVE-2026-4480

8.5HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
26 May 2026

What is CVE-2026-4480?

A vulnerability exists in the Samba printing subsystem that allows remote attackers to execute arbitrary commands on affected systems. The flaw occurs due to improper handling of the client-controlled job description string, which is passed directly to the configured print command without escaping shell meta characters. By crafting a malicious print job description containing unescaped shell characters, an attacker can manipulate the system to execute arbitrary code remotely, potentially leading to unauthorized access and control over the machine.

References

https://access.redhat.com/security/cve/CVE-2026-4480
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2452232
issue-trackingx_refsource_REDHAT
https://bugzilla.samba.org/show_bug.cgi?id=16033

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.