Zero Day Monitor (ZDM)
CVE-2026-12505 · CVSS 7.8 · EXPLOITED · PATCHED
Red Hat · cifs-utils

Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

Description

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low-privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker-controlled NSS module and configuration, allowing the attacker to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.

Affected Products

Vendor | Product | Versions
Red Hat | cifs-utils | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
Red Hat | Enterprise Linux | cert_advisory | 90%

References

  • https://access.redhat.com/errata/RHSA-2026:32990 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-12505 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2489805 (issue-tracking, x_refsource_REDHAT)
  • https://git.samba.org/?p=cifs-utils.git;a=commit;h=972c5b5ff95e3e812bc8daa72d0383654ab0dba7

Related News (2 articles)

Tier B · BSI Advisories · 3d ago
[NEW] [medium] Red Hat Enterprise Linux (cifs-utils): Vulnerability allows execution of arbitrary program code with administrator rights
→ No new info (linked only)
Tier C · VulDB · 15d ago
CVE-2026-12505 | cifs-utils Malicious NSS unnecessary privileges
→ No new info (linked only)
CVSS 3.1: 7.8 HIGH
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 0:7.6-1.el10_2
CWE: CWE-250
Published: Jun 18, 2026
Last enriched: 3d ago (v3)
Trending Score: 39
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: versions, epss, kev, iocs, mitre_attack

Related CVEs (5)

NONE · CVE-2026-14258 · EXP
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
Trending: 58
HIGH · CVE-2026-55628 · EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 52
NONE · CVE-2026-54369 · EXP
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Trending: 36
NONE · CVE-2026-12388 · EXP
Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper
Trending: 35
NONE · CVE-2026-58013 · EXP
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Trending: 35

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Jun 18, 2026 · CVE Published
Jun 18, 2026 · Discovered by ZDM
Jun 18, 2026 · Updated: severity
Jun 30, 2026 · Actively Exploited
Jun 30, 2026 · Exploit Available
Jun 30, 2026 · Patch Available
Jun 30, 2026 · Updated: severity, exploitAvailable, activelyExploited

Version History

v3 · Tier B · 3d ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

severity, exploitAvailable, activelyExploited
via BSI Advisories
v2 · Tier C · 15d ago

Updated severity to CRITICAL and clarified that no exploit is available.

severity
via VulDB
v1 · 15d ago

Initial creation