Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-3238EXPLOITED

red hat · red hat enterprise linux

Samba: denial of service against ad dc wins server

Description

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-3238(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2486176(issue-tracking, x_refsource_REDHAT)
https://www.samba.org/samba/security/CVE-2026-3238.html

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-3238 | Samba WINS Service null pointer dereference

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-476

PublishedJun 8, 2026

Last enriched3h agov2

Trending Score39

Source articles1

Independent1

Info Completeness6/14

Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-11332EXP

Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

NONECVE-2026-10533EXP

Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

NONECVE-2026-9793EXP

Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

Information Disclosure Vulnerability in Ansible

NONECVE-2026-43958

Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 8, 2026

Discovered by ZDM

Jun 8, 2026

Updated: description, severity, activelyExploited

Jun 8, 2026

Actively Exploited

Jun 8, 2026

Version History

v2

Last enriched 3h ago

v2Tier C4h ago

Updated severity to HIGH, marked as actively exploited, and corrected exploit availability to false.

descriptionseverityactivelyExploited

via VulDB

v15h ago

Initial creation