CVE-2026-12505 Red Hat CVE debrief

Who should care

System administrators and security teams responsible for Linux systems using the cifs-utils package should be aware of this vulnerability. Particularly, those with low-privileged local users or untrusted user environments are at risk. Red Hat users are specifically affected, as indicated by the vendor evidence.

Technical summary

The cifs.upcall helper in cifs-utils fails to securely drop root privileges before looking up user information in a user-controlled environment. An attacker can exploit this by crafting a request_key payload to trick the helper into a custom environment with a malicious NSS module, allowing execution of arbitrary commands as root. The vulnerability is characterized by CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a Local attack vector with Low privileges required.

Defensive priority

High

Recommended defensive actions

• Apply patches or updates provided by the vendor to fix the vulnerability in cifs-utils.
• Restrict access to the cifs.upcall helper to only necessary users.
• Implement additional security controls to monitor and limit the execution of NSS modules.
• Use secure environments and namespaces for user-controlled operations.
• Regularly review and update system configurations to ensure least privilege principles.
• Monitor system logs for suspicious activity related to cifs.upcall and NSS modules.
• Consider implementing SELinux or AppArmor policies to restrict cifs-utils behavior.

Evidence notes

The CVE record and NVD detail provide official information on the vulnerability. Red Hat security advisories and bug reports offer additional context. The vulnerability was publicly disclosed on June 18, 2026.

Official resources