CVE-2026-2340
MediumCVSS 6.5Exploitation Probability (EPSS)
Elevated risk57th percentile - higher than 57% of all known CVEs
Summary
A flaw in Samba's vfs_worm module allows bypassing WORM (write-once, read-many) protections during file rename operations. An authenticated user with write access to a share can overwrite a protected file by renaming a newly created file over an existing WORM-protected file.
Risk Assessment
The organization may lose data integrity on Samba shares with WORM protection enabled, potentially leading to unauthorized modification or deletion of critical files, violating data retention regulatory requirements.
Recommendation
Immediately update Samba to a version containing the fix for this vulnerability. Until the update is applied, consider disabling the vfs_worm module or restricting access to shares with WORM protection enabled.
Original NVD description (English source)
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

