CVE-2026-3012

redhat / openshift_container_platform

Description

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Scoring

CVSS: 8.0
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.19% probability of exploitation · percentile 8.5% · 2026-06-19T12:03:05Z
Last modified: 2026-06-15

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-4434
CVE-2025-10230
CVE-2025-27740
CVE-2026-3238
CVE-2026-42012
CVE-2026-26119

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.