{"id":"CVE-2026-4480","summary":"Samba: samba: remote code execution in printing subsystem via unescaped job description","details":"A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the \"print command\" setting via the \"%J\" substitution character without escaping shell metacharacters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.","modified":"2026-06-11T04:01:50.113977949Z","published":"2026-05-26T13:56:32.355Z","related":["ALSA-2026:22644","ALSA-2026:22963","SUSE-SU-2026:2071-1","SUSE-SU-2026:2072-1","SUSE-SU-2026:2073-1","SUSE-SU-2026:2074-1","SUSE-SU-2026:2076-1","SUSE-SU-2026:2108-1","SUSE-SU-2026:22045-1","openSUSE-SU-2026:10884-1","openSUSE-SU-2026:20905-1"],"database_specific":{"cna_assigner":"redhat","cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4480.json"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:22644"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:22963"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:25049"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-4480"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4480.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4480"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452232"},{"type":"REPORT","url":"https://bugzilla.samba.org/show_bug.cgi?id=16033"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"a6fb418be7adccdd583a3b489b58023cfdd392ef"},{"fixed":"c2633a95a88f5f777fc94a25a07f1faa47420fc5"}],"database_specific":{"extracted_events":[{"introduced":"4.1.0"},{"fixed":"4.2.1"}],"cpe":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-4480.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}