CVE-2026-12505

Publication date 18 June 2026

Last updated 4 July 2026


Ubuntu priority

Cvss 3 Severity Score

7.8 · High

Score breakdown

Description

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system.

Read the notes from the security team

Status

Package Ubuntu Release Status
cifs-utils 26.04 LTS resolute
Vulnerable
25.10 questing
Vulnerable
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

Notes


mdeslaur

The update for this issue introduced a regression, see: https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2159053 https://lore.kernel.org/linux-cifs/16d7db05ac86fa6c7820c0f4996a3fcf@manguebit.org/T/#t The security fixed was backed out in USN-8496-2 until a complete fix is available from cifs-utils developers

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
cifs-utils

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.8 · High

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities