CVE-2026-1933

Advisory lineage Upstream: 0 Downstream: 4

Downstream

ALPINE-CVE-2026-1933 DEBIAN-CVE-2026-1933 UBUNTU-CVE-2026-1933 USN-8306-1

Awaiting Analysis

Published: 27 May 2026, 12:28

Last modified:27 May 2026, 14:41

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 May 2026, 12:28

Published

Vulnerability first disclosed

27 May 2026, 14:41

Last Modified

Vulnerability information updated

Description

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.