Remote Code Execution Vulnerability in OpenWrt Samba Application
CVE-2026-59260
8.7HIGH
What is CVE-2026-59260?
The OpenWrt luci-app-samba4 has a vulnerability that allows authenticated users to exploit read ACL grants on /usr/sbin/smbd. This security flaw permits delegated users to execute the Samba daemon with command-line arguments they control. Attackers are able to pass arbitrary Samba global options, potentially executing unwanted commands on a root smbd process when SMB protocol messages are processed. This presents a significant risk, as it can lead to unauthorized access and manipulation of system functions.
