OpenWrt luci-app-samba4 read ACL grants file.exec...
High severity
Unreviewed
Published
Jul 12, 2026
to the GitHub Advisory Database
•
Updated Jul 12, 2026
Description
Published by the National Vulnerability Database
Jul 12, 2026
Published to the GitHub Advisory Database
Jul 12, 2026
Last updated
Jul 12, 2026
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.
References