A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.

Project Subscriptions

Vendors Products
Enterprise Linux Subscribe
Enterprise Linux Eus Subscribe
Openshift Subscribe
Openshift Container Platform Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Eus Long Life Subscribe
Rhel Tus Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-6297-1 samba security update
Ubuntu USN Ubuntu USN USN-8306-1 Samba vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

Remove ```"%J"``` from the "print command" in ```smb.conf``` entry.

History

Tue, 23 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:9.4::appstream
cpe:/a:redhat:rhel_e4s:9.4::resilientstorage
cpe:/o:redhat:enterprise_linux:7::server
cpe:/o:redhat:rhel_e4s:9.4::baseos
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Tue, 23 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:enterprise_linux_eus:10.0
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat enterprise Linux Eus
Redhat rhel E4s
Redhat rhel Tus
References

Tue, 23 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Mon, 15 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/a:redhat:rhel_eus:9.6::crb
cpe:/a:redhat:rhel_eus:9.6::resilientstorage
cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products Redhat rhel Eus
References

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::resilientstorage
cpe:/o:redhat:enterprise_linux:9::baseos
References

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 03 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:8::baseos
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Mon, 01 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Samba
Samba samba
Vendors & Products Redhat openshift Container Platform
Samba
Samba samba

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Title Samba: samba: remote code execution in printing subsystem via unescaped job description
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-78
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T12:10:41.327Z

Reserved: 2026-03-19T21:17:35.193Z

Link: CVE-2026-4480

cve-icon Vulnrichment

Updated: 2026-06-30T03:18:59.706Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T15:16:40.937

Modified: 2026-06-17T10:56:40.373

Link: CVE-2026-4480

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T13:43:46Z

Links: CVE-2026-4480 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:15:15Z

Weaknesses