CVE-2026-1933

Published: Mag 27, 2026 Last Modified: Mag 27, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: high

Description

AI Translation Available

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

284

Improper Access Control

Incomplete
Abstraction: Pillar Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT, Web Based
View CWE Details
https://access.redhat.com/security/cve/CVE-2026-1933
https://access.redhat.com/security/cve/CVE-2026-1933
https://bugzilla.redhat.com/show_bug.cgi?id=2447317
https://bugzilla.redhat.com/show_bug.cgi?id=2447317
https://bugzilla.samba.org/show_bug.cgi?id=15992
https://bugzilla.samba.org/show_bug.cgi?id=15992