CVE-2026-1933 HIGH

CVE-2026-1933: Samba: missing access check on reparse point operations

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Weakness CWE-284

Published May 27, 2026

Last update June 30, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

Key dates

02Disclosure timeline

May 27, 2026 CVE published

June 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-1933 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2026-1933

CWE CWE-284

CVSS 7.1 / HIGH

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat OpenShift Container Platform 4

Affected All versions

CVE-2026-1933: Samba: missing access check on reparse point operations

01Description

02Disclosure timeline

03References

04Related CVE