CVE-2026-3012

⚠️ high

Summary

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

CVSS Score

8.0

High

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-27

First Seen: 2026-05-28

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.5% of all 326,604 vulnerabilities in our database.

#73,427

Top 25% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 27, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

Red Hat would like to thank Arad Inbar (DREAM Security Research Team), Ben Grinberg (DREAM Security Research Team), Michalis Vasileiadis, and Nir Somech (DREAM Security Research Team) for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-06-08

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE IDs (Weakness Types)

CWE-345

📦 Affected Products 4

Vendor	Product	Status	Affected Versions
samba	samba	Affected	> 4.16.0 < 4.21.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v9.0
redhat	openshift_container_platform	Affected	v4.0

🔗 References 5

https://access.redhat.com/errata/RHSA-2026:22644

Issue Tracking

https://access.redhat.com/errata/RHSA-2026:22963

Issue Tracking

https://access.redhat.com/security/cve/CVE-2026-3012

Mitigation Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2447319

Issue Tracking Third Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=16003

Issue Tracking Mitigation Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-50256	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the...	2026-06-05
CVE-2026-50257	⚠️ high	7.8	0.0	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multip...	2026-06-05
CVE-2026-50258	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers...	2026-06-05
CVE-2026-50259	⚠️ high	7.8	0.0	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-siz...	2026-06-05
CVE-2026-1784	⚠️ high	8.8	0.0	The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found...	2026-06-02
CVE-2026-10533	🔶 medium	5.0	0.1	A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQ...	2026-06-01

These CVEs affect the same products