CVE-2026-3012
8.0 HIGH
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling
Published: 2026-05-27 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 8.0 HIGH
- Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- CWE: CWE-345 (Insufficient Verification of Data Authenticity)
Affected products
| Vendor | Product |
|---|---|
| redhat | enterprise_linux, openshift_container_platform, samba |
| samba | enterprise_linux, openshift_container_platform, samba |
Description
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-3012
- [Other] https://access.redhat.com/errata/RHSA-2026:22644
- [Other] https://access.redhat.com/errata/RHSA-2026:22963
- [Other] https://access.redhat.com/errata/RHSA-2026:25049
- [Other] https://access.redhat.com/security/cve/CVE-2026-3012
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2447319
- [Vendor advisory] https://bugzilla.samba.org/show_bug.cgi?id=16003
Related CVEs
Same vendor
- CVE-2026-50259 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50258 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50257 — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence() (7.8 HIGH)
- CVE-2026-50256 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-1784 — The Route OpenShift resource allows defining routes that make pods reachable at a subdomain through HAProxy (8.8 HIGH)
Same CWE
- CVE-2026-46654 — Plonky3 is a toolkit for polynomial IOPs (PIOPs)
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-46539 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.9 MEDIUM)
- CVE-2026-7792 — The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insuf... (5.3 MEDIUM)
- CVE-2026-8608 — The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Au... (5.3 MEDIUM)