vulnerability
Alma Linux: CVE-2026-4480: Important: samba security update (ALSA-2026-22644)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Jun 2, 2026 | Jun 3, 2026 | Jun 4, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Jun 2, 2026
Added
Jun 3, 2026
Modified
Jun 4, 2026
Description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Solutions
alma-upgrade-ctdbalma-upgrade-libnetapialma-upgrade-libnetapi-develalma-upgrade-libsmbclientalma-upgrade-libsmbclient-develalma-upgrade-libwbclientalma-upgrade-libwbclient-develalma-upgrade-python3-sambaalma-upgrade-python3-samba-dcalma-upgrade-python3-samba-develalma-upgrade-python3-samba-testalma-upgrade-sambaalma-upgrade-samba-clientalma-upgrade-samba-client-libsalma-upgrade-samba-commonalma-upgrade-samba-common-libsalma-upgrade-samba-common-toolsalma-upgrade-samba-dc-libsalma-upgrade-samba-dcerpcalma-upgrade-samba-develalma-upgrade-samba-krb5-printingalma-upgrade-samba-ldb-ldap-modulesalma-upgrade-samba-libsalma-upgrade-samba-pidlalma-upgrade-samba-testalma-upgrade-samba-test-libsalma-upgrade-samba-toolsalma-upgrade-samba-usersharesalma-upgrade-samba-vfs-iouringalma-upgrade-samba-winbindalma-upgrade-samba-winbind-clientsalma-upgrade-samba-winbind-krb5-locatoralma-upgrade-samba-winbind-modulesalma-upgrade-samba-winexe
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.