Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-59260

HIGH NVD
CVSS Score 8.8
Severity HIGH
Published Jul 12, 2026
Vendor unknown

Description

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.

References