CVE Catalog

CVE-2026-2340

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.94%

57th percentile - higher than 57% of all known CVEs

Summary

A flaw in Samba's vfs_worm module allows bypassing WORM (write-once, read-many) protections during file rename operations. An authenticated user with write access to a share can overwrite a protected file by renaming a newly created file over an existing WORM-protected file.

Risk Assessment

The organization may lose data integrity on Samba shares with WORM protection enabled, potentially leading to unauthorized modification or deletion of critical files, violating data retention regulatory requirements.

Recommendation

Immediately update Samba to a version containing the fix for this vulnerability. Until the update is applied, consider disabling the vfs_worm module or restricting access to shares with WORM protection enabled.

Original NVD description (English source)

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS