VDB
CVE-2026-3238
CVE-2026-3238
PUBLISHED
CVSS 7.5 HIGH
Reported by redhat · Published June 8, 2026
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| alpine | samba | 0, 0, 0 |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 6 |
Timeline
- May 26, 2026 CVE Published
- Jun 10, 2026 Coalition ESS Score
References
- vdb-entryx_refsource_REDHAT
- RHBZ#2486176 issue-trackingx_refsource_REDHAT