← back
CVE-2026-4480

Samba: samba: remote code execution in printing subsystem via unescaped job description

CVSS 9 CRITICALEPSS 12.8%CWE-78
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4
public PoCs found6
githubgithub.com/TheCyberGeek/CVE-2026-4480-PoC13githubgithub.com/robinxiang/CVE-2026-44801githubgithub.com/CarlosEduardoPM/CVE-2026-4480-POC1githubgithub.com/0xBlackash/CVE-2026-44800githubgithub.com/Vusal777/CVE-2026-4480-exploit-poc0githubgithub.com/ClearLotus-git/CVE-2026-4480-PoC0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2026:22644https://access.redhat.com/errata/RHSA-2026:22963https://access.redhat.com/errata/RHSA-2026:25049https://access.redhat.com/errata/RHSA-2026:25979https://access.redhat.com/errata/RHSA-2026:28053https://access.redhat.com/errata/RHSA-2026:28054https://access.redhat.com/errata/RHSA-2026:28055https://access.redhat.com/errata/RHSA-2026:28056https://access.redhat.com/errata/RHSA-2026:28057https://access.redhat.com/errata/RHSA-2026:28058https://access.redhat.com/errata/RHSA-2026:28132https://access.redhat.com/security/cve/CVE-2026-4480