CVE-2026-3238 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Debian Releases

Debian Product

Codename

samba

bookworm	vulnerable
bookworm (security)	2:4.17.12+dfsg-0+deb12u4 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2:4.24.3+dfsg-1 fixed
sid	2:4.24.3+dfsg-1 fixed
trixie	vulnerable
trixie (security)	2:4.22.8+dfsg-0+deb13u2 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Vulnerability Media Exposure

[GERMAN] Samba: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Dateien zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.
Published: 2026-05-26T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2026-3238

https://bugzilla.redhat.com/show_bug.cgi?id=2486176

https://www.samba.org/samba/security/CVE-2026-3238.html