CVE-2026-1933
Samba: missing access check on reparse point operations
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
9th
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
| CWE | CWE-284 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | May 27, 2026 |
| Last Updated | Jun 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 10 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
Credits
Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue.