CVE-2026-1933 in Canonical and Red Hat Products
Published on May 27, 2026

Samba: missing access check on reparse point operations

A flaw was found in Samba's handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types.

NVD
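
The description above turns on the gap between Samba's read only = yes setting and the permissions on the underlying filesystem. The following is an added example, not code from the advisory, Samba, or the vendors: it lists read-only shares whose exported tree still has group- or other-write mode bits. It assumes canonically spelled per-share keys, ignores [global] defaults and POSIX ACLs, and takes /etc/samba/smb.conf as the default path.

```python
import configparser
import os
import stat
import sys

TRUE = {"yes", "true", "1", "on"}
WRITE_SYNONYMS = {"writeable", "writable", "write ok"}  # inverted synonyms of "read only"
SPECIAL = {"global", "homes", "printers"}  # not ordinary file shares

def is_read_only(section):
    """Resolve the share's read-only state; Samba defaults to read only = yes."""
    read_only = True
    for key, value in section.items():
        flag = (value or "").strip().lower() in TRUE
        if key == "read only" or key in WRITE_SYNONYMS:
            read_only = flag if key == "read only" else not flag  # last setting wins
    return read_only

def writable_entries(root):
    """Yield paths under root with group- or other-write mode bits (ACLs not inspected)."""
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                yield path

def audit(conf_text):
    """Map each read-only share to the on-disk entries that non-owners can still write."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True, delimiters=("=",))
    # Strip indentation so configparser does not read indented keys as continuations.
    parser.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    findings = {}
    for name in parser.sections():
        section = parser[name]
        if name.lower() in SPECIAL or not section.get("path") or not is_read_only(section):
            continue
        hits = sorted(writable_entries(section["path"].strip()))
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/samba/smb.conf"  # assumed location
    for share, paths in audit(open(conf).read()).items():
        print(f"{share}: {len(paths)} writable entries, e.g. {paths[0]}")
```

A share that appears in the output depends on Samba alone to enforce read-only access, which is the condition the description names.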

Vulnerability Analysis

CVE-2026-1933 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH

Timeline

Reported to Red Hat.

Made public 75 days later.

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-1933 has been classified as an Authorization vulnerability or weakness.



Affected Versions

Red Hat Enterprise Linux 10:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 7:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 9:
Red Hat OpenShift Container Platform 4: