CVE-2026-1933
MEDIUM EPSS 52.9%
Published May 27, 20261mo ago · Modified Jun 23, 20266d ago
6.5 CVSS 3.1
Published May 27, 2026 1mo ago
Last Modified Jun 23, 2026 6d ago
Description
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
52.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-284
Affected Products 6
References 12
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:22644
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:22963
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:25049
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:25979
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:28053
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:28054
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:28055
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:28056
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:28057
- access.redhat.com https://access.redhat.com/security/cve/CVE-2026-1933
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2447317
- bugzilla.samba.org https://bugzilla.samba.org/show_bug.cgi?id=15992
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.