CVE-2026-3012
Modified Modified - Updated After Analysis
Samba Certificate Auto-Enrollment HTTP Spoofing Flaw

Publication date: 2026-05-27

Last updated on: 2026-06-15

Assigner: Red Hat, Inc.

Description
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3012
EUVD
EUVD-2026-32211
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
samba samba From 4.16.0 (inc) to 4.21.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Samba's certificate auto-enrollment Group Policy handling. When auto-enrollment is enabled, Samba may download a certificate authority (CA) certificate over an unencrypted HTTP connection without properly verifying it.

An attacker who can intercept or redirect network traffic could exploit this flaw by supplying a malicious CA certificate. This could allow the attacker to intercept or spoof trusted communications.

Impact Analysis

Exploitation of this vulnerability could lead to unauthorized access or man-in-the-middle attacks. An attacker could intercept or manipulate certificate enrollment traffic, potentially allowing them to impersonate trusted entities or decrypt sensitive communications.

Detection Guidance

This vulnerability involves Samba retrieving a CA certificate over an unencrypted HTTP connection during certificate auto-enrollment, which can be intercepted or redirected by an attacker.

To detect this vulnerability on your network or system, you can monitor network traffic for unencrypted HTTP requests related to certificate enrollment from Samba services.

  • Use network packet capture tools like tcpdump or Wireshark to filter HTTP traffic on ports commonly used by Samba or related services.
  • Example tcpdump command to capture HTTP traffic: tcpdump -i <interface> 'tcp port 80 and host <samba_server_ip>' -w capture.pcap
  • Analyze the captured traffic for any certificate retrievals over HTTP instead of HTTPS.
  • Check Samba logs for any certificate auto-enrollment activity and verify if certificates are being fetched over unencrypted connections.
Compliance Impact

This vulnerability in Samba's certificate auto-enrollment process could undermine the security of trusted communications by allowing attackers to intercept or spoof certificates. Such a compromise of secure communications may lead to unauthorized access or data breaches.

As a result, organizations using affected Samba versions might face challenges in maintaining compliance with standards and regulations like GDPR and HIPAA, which require protecting data integrity and confidentiality during transmission.

Specifically, the risk of man-in-the-middle attacks due to improper certificate validation could violate requirements for secure data handling and encryption mandated by these regulations.

Mitigation Strategies

To mitigate this vulnerability, it is important to disable certificate auto-enrollment over unencrypted HTTP connections in Samba's Group Policy handling.

Ensure that certificate retrieval uses secure, encrypted channels such as HTTPS to prevent interception or manipulation by attackers.

Apply any patches or updates provided by the Samba team addressing this issue as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3012. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart