CVE-2026-4480
Remote Code Execution in Samba Printing Subsystem
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samba | samba | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4480 is a vulnerability in the Samba printing subsystem in which the client-controlled job description string is passed to the print command without proper escaping of shell metacharacters. A remote attacker can send a specially crafted print job description containing unescaped shell characters, which can be exploited to execute arbitrary code on the affected system.
How can this vulnerability impact me?
This vulnerability can lead to remote code execution on the affected system, allowing an attacker to run arbitrary commands with limited privileges. Because it is exploitable remotely and does not require user interaction, it poses a significant security risk, potentially compromising system integrity, confidentiality, and availability.
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no official patches or mitigation details provided for this vulnerability.
Since the vulnerability involves unescaped shell metacharacters in the Samba printing subsystem, a cautious approach would be to restrict access to the Samba printing service and monitor for suspicious print job descriptions.
Keep an eye on official Samba project updates and apply any patches or recommended mitigations as soon as they become available.
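To illustrate the monitoring step and the missing escaping described above, here is an added example (not Samba's code and not from this advisory). It flags shell metacharacters in job descriptions and shows a description being substituted into a command template as a single quoted word. The `{job}` placeholder, the `print-helper` command, the metacharacter list and the sample descriptions are all assumptions constructed for illustration.

```python
import shlex

# Characters a POSIX shell treats specially when text is spliced unquoted
# into a command line (assumed list for this example).
SHELL_META = set(";&|`$<>(){}[]!*?~#\\\"'\n\r")


def suspicious_chars(description: str) -> list[str]:
    """Return the sorted shell metacharacters present in a job description."""
    return sorted(set(description) & SHELL_META)


def triage(descriptions: list[str]) -> list[tuple[str, list[str]]]:
    """Return (description, metacharacters) for entries worth an analyst's look."""
    flagged = []
    for d in descriptions:
        chars = suspicious_chars(d)
        if chars:
            flagged.append((d, chars))
    return flagged


def build_command(template: str, description: str) -> str:
    """Substitute the description into the template as one quoted shell word.

    "{job}" is a hypothetical placeholder, not a Samba substitution macro.
    """
    return template.replace("{job}", shlex.quote(description))


# Constructed sample job descriptions (not taken from real traffic).
SAMPLES = [
    "Quarterly report.pdf",
    "notes; echo MARKER",
    "scan_$(echo MARKER).tiff",
    "Microsoft Word - budget.docx",
]

if __name__ == "__main__":
    for desc, chars in triage(SAMPLES):
        print(f"flag: {desc!r} contains {chars}")
    # Hypothetical command template; the description stays a single argument.
    print(build_command("print-helper --title {job}", SAMPLES[1]))
```

Flagged entries are triage candidates only, because legitimate document titles often contain parentheses, ampersands or apostrophes.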