{"vulnerability": "CVE-2026-4408", "sightings": [{"uuid": "b2809583-c250-4d48-a77d-f76f0677dc23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://www.acn.gov.it/portale/w/nuove-vulnerabilita-in-samba", "content": "", "creation_timestamp": "2026-05-27T02:24:19.000000Z"}, {"uuid": "03689b06-7740-47a1-8b1d-b4a99e4368f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mmsfyl27rh2e", "content": "6/9\n\nhttps://www.cve.org/CVERecord?id=CVE-2026-3238\n    https://www.cve.org/CVERecord?id=CVE-2026-4408\n    https://www.cve.org/CVERecord?id=CVE-2026-4480\n    https://www.samba.org/samba/security/CVE-2026-1933.html\n    https://www.samba.org/samba/security/CVE-2026-2340.html", "creation_timestamp": "2026-05-27T02:01:28.963188Z"}, {"uuid": "c423e86c-8cda-4c94-b662-9d80c288651c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mmsfym7jpe2x", "content": "7/9\n\nhttps://www.samba.org/samba/security/CVE-2026-3012.html\n    https://www.samba.org/samba/security/CVE-2026-3238.html\n    https://www.samba.org/samba/security/CVE-2026-4408.html\n    https://www.samba.org/samba/security/CVE-2026-4480.html\n  (* Security fix *)", "creation_timestamp": "2026-05-27T02:01:30.815945Z"}, {"uuid": "831f2703-3e94-40a3-8518-aa7661932cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44088", "type": "seen", "source": "https://cert.pl/en/posts/2026/05/CVE-2026-44088", "content": "", "creation_timestamp": "2026-05-15T03:55:00.000000Z"}, {"uuid": "3066886c-b60a-46f4-8794-68a2208de792", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44088", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlv7x6j6yd2e", "content": "CVE-2026-44088 - Remote Code Execution in SzafirHost\nCVE ID : CVE-2026-44088\n \n Published : May 15, 2026, 9:16 a.m. | 50\u00a0minutes ago\n \n Description : SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file...", "creation_timestamp": "2026-05-15T11:26:05.212762Z"}, {"uuid": "e8acf771-14ca-4d05-9cfb-9de61835da40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/ef598036-eda2-4311-807e-ebbdfb04a51d", "content": "", "creation_timestamp": "2026-05-26T14:33:00.800801Z"}, {"uuid": "fd5aab4d-8d84-47c8-8847-6bc111953846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://t.me/bdufstecru/3200", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 check password script \u043c\u043e\u0434\u0443\u043b\u044f DCE/RPC SAMR server \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f Samba \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 %u. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e RPC-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-07316\nCVE-2026-4408\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Samba:\nhttps://www.samba.org/samba/security/CVE-2026-4408.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2026-4408\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u043c\u0432\u043e\u043b\u0430 \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 %u \u0432 \u0441\u043a\u0440\u0438\u043f\u0442\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0430\u0440\u043e\u043b\u044f (\u043f\u0440\u0438 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0441\u0438\u043c\u0432\u043e\u043b %u \u0432 \u043e\u0434\u0438\u043d\u0430\u0440\u043d\u044b\u0435 \u043a\u0430\u0432\u044b\u0447\u043a\u0438);\n- \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u043b\u0443\u0436\u0431\u044b samba-dcerpcd \u043a\u0430\u043a \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u044b (\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 rpc start on demand helpers \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e (yes));\n- \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u0437 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b SAMBA_CPS_ACCOUNT_NAME.", "creation_timestamp": "2026-05-27T14:39:25.000000Z"}, {"uuid": "0db1bf2d-4296-4c9a-81b8-0ef84f15bb96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4408", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmvnuwsyqa2c", "content": "CRITICAL: Samba flaw in Red Hat Enterprise Linux 10 (CVE-2026-4408) enables RCE if \"check password script\" uses %u. Audit configs &amp; remove risky settings. https://radar.offseq.com/threat/cve-2026-4408-improper-neutralization-of-special-e-ffcecb34 #OffSeq #Linux #Samba", "creation_timestamp": "2026-05-28T09:00:31.507884Z"}, {"uuid": "d6d3e9ce-9785-4370-aa3e-801fc045966c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmtq4rm6nz2c", "content": "\ud83d\udd17 CVE : CVE-2026-1933, CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480, CVE-2026-1933, CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480", "creation_timestamp": "2026-05-27T14:35:22.500167Z"}, {"uuid": "a13a348e-c325-4552-9091-559dd674c69f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4408", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116651381800731106", "content": "\ud83d\udea8 CRITICAL: CVE-2026-4408 in Red Hat Enterprise Linux 10 via Samba misconfig enables remote command execution if \"check password script\" uses %u. Audit your configs now! Details: https://radar.offseq.com/threat/cve-2026-4408-improper-neutralization-of-special-e-ffcecb34 #OffSeq #Linux #Samba #Infosec", "creation_timestamp": "2026-05-28T09:00:45.419864Z"}, {"uuid": "ce2d2bfa-030a-4738-9ac8-710b19e00c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://mastodon.social/ap/users/115755483699003887/statuses/116652797717768742", "content": "\ud83d\udd34 CVE-2026-4408 - Critical (9)\nA flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the \"check password script\" feature. If this script is configured with the %u substitution character, the cli...\n\ud83d\udd17 https://www.thehackerwire.com/vulnerability/CVE-2026-4408/\n#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack", "creation_timestamp": "2026-05-28T15:00:50.107378Z"}, {"uuid": "e3b27b6c-3697-4538-8d21-1785a76d672a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmvvgozt4a2n", "content": "CVE-2026-4408 - Samba: remote code execution in samr\nCVE ID : CVE-2026-4408\n \n Published : May 28, 2026, 9:16 a.m. | 50\u00a0minutes ago\n \n Description : A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers...", "creation_timestamp": "2026-05-28T11:15:43.201092Z"}, {"uuid": "75f2a0bb-d7c7-4495-96a4-4550663a0ea6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4408", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwc2ltyl22w", "content": "\ud83d\udd34 CVE-2026-4408 - Critical (9)\n\nA flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4408/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T15:01:36.125199Z"}]}