CVE | nvd | 28 May 2026

CVE-2026-4408 (CVSS 9.0) — A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configu

CVE. Sourced from nvd, summarised by Matproof.

AI Analysis

What changed and what to do.

A critical vulnerability, CVE-2026-4408, has been published with a CVSS score of 9.0, affecting Samba file servers and classic domain controllers that use the "check password script" feature. The flaw allows a remote attacker to exploit a misconfiguration in this script, potentially leading to severe security breaches. This disclosure was made on May 28, 2026, via the National Vulnerability Database, and requires immediate attention from organizations relying on Samba for file sharing or domain authentication.

Organizations across all sectors that deploy Samba in mixed Windows-Linux environments are affected, particularly those using classic domain controllers or file servers with custom password validation scripts. This includes critical infrastructure, healthcare, finance, and government entities where Samba is used for legacy integration or cost-effective file services. Any organization with Samba servers configured to use the "check password script" feature is at risk of remote compromise.

Compliance teams should immediately verify whether their Samba deployments use the "check password script" feature and, if so, apply the vendor-supplied patch or update as soon as it becomes available. Until a fix is deployed, consider disabling the feature or restricting network access to affected servers. Additionally, review incident response plans to account for potential exploitation, and ensure that vulnerability scanning tools are updated to detect this CVE. Document all actions taken for regulatory audit trails.
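One way to carry out the verification step above, as an added example that is not from NVD, Samba or Matproof: a small Python audit that reports whether `check password script` is set in the `[global]` section of an smb.conf file. The function names and the sample configuration are constructed for illustration, and `include` directives are not followed.

```python
import re

# smb.conf ignores case and whitespace in parameter and section names.
TARGET = "checkpasswordscript"

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
# constructed sample
[global]
   workgroup = EXAMPLE
   Check Password Script = /usr/local/sbin/pwcheck \\
       --strict
[share]
   path = /srv/share
"""

def logical_lines(text):
    """Yield config lines with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        buf = ""
        if line and line[0] not in "#;":
            yield line

def find_check_password_script(text):
    """Return the value set in [global], or None if the parameter is unset or empty."""
    section, value = None, None
    for line in logical_lines(text):
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            section = re.sub(r"\s+", "", m.group(1)).lower()
            continue
        name, sep, val = line.partition("=")
        if sep and section == "global" and re.sub(r"\s+", "", name).lower() == TARGET:
            value = val.strip()  # assumption: a later setting overrides an earlier one
    return value or None

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(find_check_password_script(text) or "check password script: not set")
```

On a live host, Samba's own `testparm -s` prints the effective configuration, including included files, and remains the authoritative check.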

View original at nvd

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
