CVE-2026-3012

NameCVE-2026-3012
DescriptionA flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6297-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)bullseye2:4.13.13+dfsg-1~deb11u6vulnerable
bullseye (security)2:4.13.13+dfsg-1~deb11u7vulnerable
bookworm2:4.17.12+dfsg-0+deb12u3vulnerable
bookworm (security)2:4.17.12+dfsg-0+deb12u4fixed
trixie2:4.22.8+dfsg-0+deb13u1vulnerable
trixie (security)2:4.22.8+dfsg-0+deb13u2fixed
forky, sid2:4.24.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcebookworm2:4.17.12+dfsg-0+deb12u4DSA-6297-1
sambasourcetrixie2:4.22.8+dfsg-0+deb13u2DSA-6297-1
sambasource(unstable)2:4.24.3+dfsg-1

Notes

https://www.samba.org/samba/security/CVE-2026-3012.html
Search for package or bug name: Reporting problems