CVE-2026-3238EPSS p84.6%

CVE-2026-3238CVE-2026-3238

Description

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS2.80% probability of exploitation · percentile 84.6% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10230
CVE
CVE-2026-42903
CVE
CVE-2026-1933
CVE
CVE-2026-41096
CVE
Microsoft Windows NULL Pointer Dereference Vulnerability
CVE
CVE-2026-4408
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.