PatchSiren cyber security CVE debrief

CVE-2026-1933 Red Hat CVE debrief

A vulnerability in Samba allows authenticated users to bypass read-only share restrictions by manipulating NTFS-style reparse point metadata. The flaw exists because SMB-layer access checks are missing for reparse point operations, enabling users with underlying filesystem write permissions to create or delete reparse points even on shares configured with read only = yes. This could allow attackers to alter SMB-visible file behavior, including converting files into symbolic links or other reparse point types. The vulnerability was published on 2026-05-27 and is currently awaiting analysis in the NVD.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: HIGH (7.1)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Samba file servers with read-only share configurations, particularly those serving mixed Windows/Unix environments using NTFS-style reparse points. System administrators responsible for Samba security configurations and access control enforcement.

Technical summary

Samba's SMB server fails to enforce access controls on NTFS-style reparse point operations when shares are configured as read-only. While the read only = yes configuration prevents conventional file write operations, the missing SMB-layer checks allow authenticated users with underlying filesystem write access to manipulate reparse point metadata through SMB operations. This enables modification of file behavior visible to SMB clients, including conversion of regular files to symbolic links or other reparse point types without triggering the expected access denial.

Defensive priority

HIGH

Recommended defensive actions

  • Review Samba share configurations for read-only exports and verify underlying filesystem permissions are appropriately restricted
  • Monitor for unexpected reparse point creation or modification activity on Samba shares
  • Apply security updates from Samba or distribution vendors when available
  • Consider implementing additional access controls at the filesystem level to complement SMB-layer restrictions
  • Review symbolic link and reparse point handling policies in Samba configuration
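The first action above (find read-only exports and check that the underlying directory is not writable beyond what the share needs) can be scripted. The following is an added example, not PatchSiren's or the Samba project's code: it parses an smb.conf excerpt (constructed here, not taken from any advisory), resolves Samba's synonyms for read-only (`read only`, `writeable`, `writable`, `write ok`), and flags read-only shares whose root directory carries group or world write bits, which is exactly the condition under which the missing SMB-layer check matters. The `demo()` function builds two throwaway directories so the script runs offline.

```python
import configparser
import os
import stat
import tempfile

# Constructed smb.conf excerpt used as sample input (not from the advisory).
SAMPLE_SMB_CONF = """
[global]
workgroup = EXAMPLE
log file = /var/log/samba/log.%m

[docs]
path = /srv/samba/docs
read only = yes

[drop]
path = /srv/samba/drop
writeable = yes

[archive]
path = /srv/samba/archive
writable = no
guest ok = no
"""

# Samba accepts these synonyms; the second group is the inverse of "read only".
_READONLY_KEYS = ("read only",)
_WRITABLE_KEYS = ("writeable", "writable", "write ok")


def _is_true(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def parse_shares(conf_text: str) -> dict:
    """Return {share: {"path": ..., "read_only": bool}} for each non-global section.

    Samba's default for 'read only' is yes, so a share with no write-related
    parameter at all is treated as read-only.
    """
    # interpolation=None keeps Samba's %-substitutions (e.g. %m) from confusing the parser.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    shares = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue
        sec = cp[name]
        read_only = True
        for key in _READONLY_KEYS:
            if key in sec:
                read_only = _is_true(sec[key])
        for key in _WRITABLE_KEYS:
            if key in sec:
                read_only = not _is_true(sec[key])
        shares[name] = {"path": sec.get("path"), "read_only": read_only}
    return shares


def writable_beyond_owner(path: str) -> bool:
    """True when the share root has group or other write bits set.

    The advisory's point is that 'read only = yes' is not enforced for reparse
    point operations, so host-level write access on the directory is what counts.
    """
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(conf_text: str) -> list:
    """List (share, path, reason) for read-only shares that deserve attention."""
    findings = []
    for name, info in parse_shares(conf_text).items():
        if not info["read_only"] or not info["path"]:
            continue
        if not os.path.isdir(info["path"]):
            findings.append((name, info["path"], "path missing"))
        elif writable_beyond_owner(info["path"]):
            findings.append((name, info["path"], "filesystem writable beyond owner"))
    return findings


def demo() -> list:
    """Create one world-writable and one owner-only directory, export both
    read-only in a constructed config, and audit it."""
    base = tempfile.mkdtemp()
    loose = os.path.join(base, "loose")
    tight = os.path.join(base, "tight")
    os.mkdir(loose)
    os.chmod(loose, 0o777)
    os.mkdir(tight)
    os.chmod(tight, 0o755)
    conf = (
        f"[loose]\npath = {loose}\nread only = yes\n\n"
        f"[tight]\npath = {tight}\nwriteable = no\n"
    )
    return audit(conf)


if __name__ == "__main__":
    for share, path, reason in demo():
        print(f"{share}: {path} ({reason})")
```

On a real host, feed it the output of `testparm -s` rather than the raw file so that includes and synonyms are already resolved. The script only looks at the share root's mode bits; `write list`, POSIX ACLs and VFS modules that change who can write are not modelled, so treat a clean result as a first pass, not a clearance.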

Evidence notes

The vulnerability description indicates missing SMB-layer access checks for reparse point operations on read-only Samba shares. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) reflects a network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. The weakness is classified as CWE-284 (Improper Access Control).

Official resources

The vulnerability was disclosed on 2026-05-27 and is currently in Awaiting Analysis status in the National Vulnerability Database.