CVE-2026-3012

Status: Published · CVSS 8 (High)

Reported by redhat · Published May 27, 2026

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Risk Scores

CVSS v3.1: 8 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat Enterprise Linux 10 | 0:4.23.5-109.el10_2
Red Hat | Red Hat Enterprise Linux 8 | 0:4.19.4-16.el8_10
Red Hat | Red Hat Enterprise Linux 8 | 0:4.19.4-16.el8_10
Red Hat | Red Hat Enterprise Linux 9 | 0:4.23.5-10.el9_8
Red Hat | Red Hat Enterprise Linux 9 | 0:4.23.5-10.el9_8
Red Hat | Red Hat Enterprise Linux 6 |
Red Hat | Red Hat Enterprise Linux 6 |
Red Hat | Red Hat Enterprise Linux 7 |
Red Hat | Red Hat OpenShift Container Platform 4 |
Red Hat | Red Hat Enterprise Linux 6 |
Red Hat | Red Hat Enterprise Linux 8 | 0:4.19.4-16.el8_10, 0:4.19.4-16.el8_10, 0:4.19.4-16.el8_10
Red Hat | Red Hat OpenShift Container Platform 4 |
Red Hat | Red Hat Enterprise Linux 6 |
alpine | samba | 0, 0, 0
Red Hat | Red Hat Enterprise Linux 9 | 0:4.23.5-10.el9_8, 0:4.23.5-10.el9_8
Red Hat | Red Hat Enterprise Linux 10 | 0:4.23.5-109.el10_2, 0:4.23.5-109.el10_2, 0:4.23.5-109.el10_2
Red Hat | Red Hat Enterprise Linux 7 |

Timeline

  • May 26, 2026 CVE Published
  • May 27, 2026 EPSS Score
  • May 28, 2026 EPSS Score
  • May 29, 2026 EPSS Score
  • May 30, 2026 EPSS Score
  • May 31, 2026 EPSS Score
  • Jun 1, 2026 EPSS Score
  • Jun 2, 2026 Security Advisory
  • Jun 3, 2026 Distribution Patch
  • Jun 3, 2026 Security Advisory
  • Jun 4, 2026 Distribution Patch
  • Jun 4, 2026 Security Advisory
