Samba

This hub aggregates every CVE we track for Samba, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Samba.

• CVE-2026-3238Samba: denial of service against ad dc wins server7.5Jun 8, 2026
• CVE-2026-4408Samba: remote code execution in samr9.0May 28, 2026
• CVE-2026-1933Samba: missing access check on reparse point operations7.1May 27, 2026
• CVE-2026-2340Samba: vfs_worm does not block directory modification6.5May 27, 2026
• CVE-2026-3012Samba: group policy certificate enrollment uses http:// without validation8.0May 27, 2026
• CVE-2026-4480Samba: samba: remote code execution in printing subsystem via unescaped job description9.0May 26, 2026
• CVE-2025-10230Samba: command injection in wins server hook script10.0Nov 7, 2025
• CVE-2025-9640Samba: vfs_streams_xattr uninitialized memory write possible4.3Oct 15, 2025
• CVE-2025-0620Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session4.9Jun 6, 2025
• CVE-2020-25720Samba: check attribute access rights for ldap adds of computers7.5Nov 17, 2024
• CVE-2023-4154Samba: ad dc password exposure to privileged users and rodcs7.5Nov 7, 2023
• CVE-2023-42669Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc6.5Nov 6, 2023
• CVE-2023-3961Samba: smbd allows client access to unix domain sockets on the file system as root9.1Nov 3, 2023
• CVE-2023-42670Samba: ad dc busy rpc multiple listener dos6.5Nov 3, 2023
• CVE-2023-4091Samba: smb clients can truncate files with read-only permissions6.5Nov 3, 2023