Samba NTFS Reparse Points Access Control Bypass via SMB
CVE-2026-1933 Published on May 27, 2026
Samba: missing access check on reparse point operations
A flaw was found in Samba's handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.
Vulnerability Analysis
CVE-2026-1933 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.
Timeline
Reported to Red Hat.
Made public 75 days later.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-1933 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-1933
Affected Versions
Red Hat Enterprise Linux 10:
- Version 0:4.23.5-109.el10_2 and below * is unaffected.
- Version 0:4.19.4-16.el8_10 and below * is unaffected.
- Version 0:4.19.4-16.el8_10 and below * is unaffected.
- Version 0:4.23.5-10.el9_8 and below * is unaffected.
- Version 0:4.23.5-10.el9_8 and below * is unaffected.
- Version 0:4.21.3-14.el9_6.1 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.