Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-26T13:43:46 samba: Samba: Remote Code Execution in printing subsystem via unescaped job description 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-78

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

The issue affects the Samba printing subsystem. Red Hat has classified this issue as Important severity rather than Critical. Print servers configured with ```"printing = cups"``` or ```"printing = iprint"```, and print servers that do not have the ```"%J"``` substitution character in the "print command" setting are not affected. By default, Red Hat Enterprise Linux ships with Samba configured to use CUPS-based printing ```printing = cups```. Hence, although the vulnerable code is present, it is not exploitable in default RHEL configurations. Because exploitation depends on non-default Samba printing configurations and requires use of the %J substitution parameter within print command, the attack complexity is considered High (AC:H), reducing the likelihood of exploitation in standard deployments. Red Hat would like to thank Arjun Basnet (Securin Labs), John Walker (ZeroPath), and Ron Ben Yizhak (SafeBreach) for reporting this issue. Remove ```"%J"``` from the "print command" in ```smb.conf``` entry. Red Hat Enterprise Linux 10 2026-06-03T00:00:00Z RHSA-2026:22963 samba-0:4.23.5-109.el10_2 Red Hat Enterprise Linux 10.0 Extended Update Support 2026-06-23T00:00:00Z RHSA-2026:28055 samba-0:4.21.3-114.el10_0.1 Red Hat Enterprise Linux 7 Extended Lifecycle Support 2026-06-23T00:00:00Z RHSA-2026:28132 samba-0:4.10.16-26.el7_9.1 Red Hat Enterprise Linux 7 Extended Lifecycle Support 2026-06-23T00:00:00Z RHSA-2026:28132 samba-0:4.10.16-26.el7_9.1 Red Hat Enterprise Linux 8 2026-06-03T00:00:00Z RHSA-2026:22644 samba-0:4.19.4-16.el8_10 Red Hat Enterprise Linux 8 2026-06-03T00:00:00Z RHSA-2026:22644 samba-0:4.19.4-16.el8_10 Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 2026-06-23T00:00:00Z RHSA-2026:28058 samba-0:4.13.3-12.el8_4.1 Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 2026-06-23T00:00:00Z RHSA-2026:28058 samba-0:4.13.3-12.el8_4.1 Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 2026-06-23T00:00:00Z RHSA-2026:28057 samba-0:4.15.5-16.el8_6.1 Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On 2026-06-23T00:00:00Z RHSA-2026:28057 samba-0:4.15.5-16.el8_6.1 Red Hat Enterprise Linux 8.8 Telecommunications Update Service 2026-06-23T00:00:00Z RHSA-2026:28056 samba-0:4.17.5-7.el8_8.1 Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 2026-06-23T00:00:00Z RHSA-2026:28056 samba-0:4.17.5-7.el8_8.1 Red Hat Enterprise Linux 9 2026-06-10T00:00:00Z RHSA-2026:25049 samba-0:4.23.5-10.el9_8 Red Hat Enterprise Linux 9 2026-06-10T00:00:00Z RHSA-2026:25049 samba-0:4.23.5-10.el9_8 Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 2026-06-23T00:00:00Z RHSA-2026:28054 samba-0:4.17.5-105.el9_2.5 Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions 2026-06-23T00:00:00Z RHSA-2026:28053 samba-0:4.19.4-105.el9_4.4 Red Hat Enterprise Linux 9.6 Extended Update Support 2026-06-15T00:00:00Z RHSA-2026:25979 samba-0:4.21.3-14.el9_6.1 Red Hat Enterprise Linux 6 Out of support scope samba Red Hat Enterprise Linux 6 Out of support scope samba4 Red Hat OpenShift Container Platform 4 Not affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-4480 https://nvd.nist.gov/vuln/detail/CVE-2026-4480 https://bugzilla.samba.org/show_bug.cgi?id=16033