#advisory

Critical Samba Printing Vulnerability Enables Remote Code Execution

Samba patched a critical remote code execution vulnerability (CVE-2026-4480) in its printing subsystem caused by improper sanitization of the %J substitution parameter. The flaw allows unauthenticated attackers to run arbitrary shell commands by submitting crafted print job descriptions.

If you run Samba file/print servers, immediately upgrade to versions 4.22.10, 4.23.8, or 4.24.3 to patch CVE-2026-4480, or as a quick fix remove the %J parameter from the “print command” line in your smb.conf file. Also disable guest access to printing and make sure your Samba servers are only reachable from trusted internal networks, never directly from the internet. #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-samba-printing-vulnerability-enables-remote-code-execution-o-j-r-w-v/gD2P6Ple2L

Copy Fail: Linux Kernel Flaw Grants Root Access On All Major Distributions

A Linux kernel vulnerability called “Copy Fail” (CVE-2026-31431) allows unprivileged local users to gain root privileges with 100% reliability by corrupting the shared page cache. The flaw affects nearly all Linux distributions since 2017 and enables container escapes because the memory corruption does not modify files on disk.

If you run Linux servers, especially shared environments like Kubernetes clusters, CI/CD runners, or multi-tenant hosts, patch your kernel immediately to a version that includes the fix (mainline commit a664bf3d603d) for CVE-2026-31431. If you can’t patch right away, disable the vulnerable module by running echo “install algif_aead /bin/false” > /etc/modprobe.d/disable-algif.conf followed by rmmod algif_aead, and for untrusted code environments block AF_ALG socket creation via seccomp as a long-term safeguard. #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/copy-fail-linux-kernel-flaw-grants-root-access-on-all-major-distributions-w-l-v-0-c/gD2P6Ple2L