CVE-2026-4480

EUVD-2026-31828
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell metacharacters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
OS Command Injection
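As an added example (not part of the advisory or of Samba's code), the following audit helper lists the smb.conf sections whose "print command" expands "%J", the substitution named above. The sample configuration, share names and commands are constructed for illustration, and `include` directives are not followed.

```python
import re

# Constructed sample smb.conf; share names and commands are made up.
SAMPLE_SMB_CONF = """\
[global]
   printing = bsd
   ; print command = lpr -J '%J' %s   (commented out, must be ignored)

[office]
   printable = yes
   Print Command = /usr/bin/lpr -P'%p' \\
       -J '%J' %s

[labels]
   printable = yes
   printcommand = /usr/local/bin/spool.sh %s %p
"""


def logical_lines(text):
    """Yield smb.conf lines with backslash continuations joined, comments dropped."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        if line and not line.startswith(("#", ";")):
            yield line


def shares_using_job_name(text):
    """Return [(section, command)] for every 'print command' that expands %J."""
    findings, section = [], None
    for line in logical_lines(text):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        name, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace.
        key = re.sub(r"\s+", "", name).lower()
        if sep and key == "printcommand" and "%J" in value:
            findings.append((section, value.strip()))
    return findings
```

Running it over the output of `testparm -s` instead of the raw file covers settings pulled in through includes. A hit identifies a share whose print command receives the client-supplied job description on a package version the table below marks as vulnerable.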
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.5 HIGH | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: Unknown
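Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| samba | bookworm | | vulnerable |
| samba | bookworm (security) | 2:4.17.12+dfsg-0+deb12u4 | fixed |
| samba | bullseye | | vulnerable |
| samba | bullseye (security) | | vulnerable |
| samba | forky | | vulnerable |
| samba | sid | 2:4.24.3+dfsg-1 | fixed |
| samba | trixie | | vulnerable |
| samba | trixie (security) | 2:4.22.8+dfsg-0+deb13u2 | fixed |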