Alerts This Week
Warning Icon 1 975
Alerts This Week
Warning Icon 1 975

SUSE 2026 2108-1 Samba Urgent Remote Execution Patch Released

suse
Calendar Grey May 29, 2026
Dist Suse Esm H88
Critical SUSE advisory for Samba fixing four high-risk issues. Immediate patching is advised to protect systems from threats.
An update that solves four vulnerabilities and has one security fix can now be installed.

Summary

## This update for samba fixes the following issues * CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158). * CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server (bsc#1261160). * CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163). * CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161). Non security issues: * Fix pthreadpool_tevent race conditions accessing both pthreadpool_tevent.jobs list and pthreadpool_tevent.glue_list (bsc#1252963) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2108=1 * SUSE Linux Enterprise Micro for Rancher 5.4

Topics%20covered

Topics Covered

security advisory critical SuSE code execution samba remote execution

References

* bsc#1252963

* bsc#1261158

* bsc#1261160

* bsc#1261161

* bsc#1261163

Cross-

* CVE-2026-2340

* CVE-2026-3238

* CVE-2026-4408

* CVE-2026-4480

CVSS scores:

* CVE-2026-2340 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-2340 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-2340 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-3238 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4408 ( SUSE ): 9.4

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2026-4408 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-4408 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-4480 ( SUSE ): 10.0

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2108-1
Release Date: 2026-05-29T07:20:16Z
Rating: critical

Topics%20covered

Topics Covered

security advisory critical SuSE code execution samba remote execution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here