VDB
DEBIAN-CVE-2026-23303
DEBIAN-CVE-2026-23303
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing credentials.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 6.17.9-1, 6.12.38-1, 6.12.41-1 |
| Debian:13 | linux | 0, 6.12.48-1, 6.12.73-1~bpo12+1 |
| Debian:11 | linux | 5.19.11-1, 5.19, 5.19 |
| Debian:11 | linux-6.1 | 6.1.106-3, 6.1.106-3, 6.1.106-3 |
| Debian:12 | linux | 6.10.9-1, 6.11-1~exp1, 6.11.10-1 |
Timeline
- Mar 25, 2026 CVE Published
- May 2, 2026 CVE Updated