Samba pam_winbind: chown / via mkhomedir Availability loss
CVE-2026-15779 Published on July 15, 2026

Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation
A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation.

NVD

Vulnerability Analysis

CVE-2026-15779 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 54 days later.

Weakness Type

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.


Products Associated with CVE-2026-15779

Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.

 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: