CVE-2026-2340

Description

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Techniques & Countermeasures

• CWE-280•Improper Handling of Insufficient Permissions or Privileges

  The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Affected Systems

• redhat•enterprise_linux

  7.0 | 8.0 | 9.0 | 10.0

• redhat•openshift_container_platform

  4.0

• Unknown•Samba

  ≥ 4.1.0

References (3)

• https://access.redhat.com/security/cve/CVE-2026-2340
• https://bugzilla.redhat.com/show_bug.cgi?id=2447318
• https://bugzilla.samba.org/show_bug.cgi?id=15997