CVE Catalog

CVE-2026-4480

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
12.80%

96th percentile — higher than 96% of all known CVEs

Summary

A flaw in the Samba printing subsystem allows a remote attacker to execute code by sending a specially crafted print job description. The description is passed to the command configured in the "print command" setting without proper escaping of shell special characters.

Risk Assessment

An attacker can remotely execute arbitrary code on the Samba server, potentially leading to full system compromise, data theft, or further propagation of the attack within the network.

Recommendation

Immediately update Samba to a version containing the fix for this vulnerability. Until the update is applied, restrict access to Samba printing services to trusted users only.

Original NVD description (English source)

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS