Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

Ubuntu 26.04 LTS cifs-utils Critical Remote Code Execution USN-8496-3

ubuntu
Calendar Grey July 13, 2026
Dist Ubuntu Esm H88
A critical security advisory for Ubuntu addresses a cifs-utils issue allowing privilege escalation. Update now!
cifs-utils could be made to run programs as an administrator.

Summary

cifs-utils could be made to run programs as an administrator.

Software Description:

- cifs-utils: Common Internet File System utilities

Details:

USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a

regression and was backed out in USN-8496-2. This update reintroduces the

security fix, along with a fix for the regression.

Original advisory details:

It was discovered that cifs-utils incorrectly dropped root privileges

before looking up user information. A local attacker could possibly use

this issue to execute arbitrary code as the root user.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  cifs-utils                      2:7.4-1ubuntu0.26.04.3

Ubuntu 24.04 LTS
  cifs-utils                      2:7.0-2ubuntu0.5

Ubuntu 22.04 LTS
  cifs-utils                      2:6.14-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8496-3

https://ubuntu.com/security/notices/USN-8496-2

https://ubuntu.com/security/notices/USN-8496-1

CVE-2026-12505

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8496-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.