Remote Code Execution Vulnerability in OpenWrt Samba Application
CVE-2026-59260

8.7HIGH

Key Information:

Vendor

Openwrt

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-59260?

The OpenWrt luci-app-samba4 has a vulnerability that allows authenticated users to exploit read ACL grants on /usr/sbin/smbd. This security flaw permits delegated users to execute the Samba daemon with command-line arguments they control. Attackers are able to pass arbitrary Samba global options, potentially executing unwanted commands on a root smbd process when SMB protocol messages are processed. This presents a significant risk, as it can lead to unauthorized access and manipulation of system functions.

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZwCrazyThursday
.