CVE-2026-3238 PUBLISHED

Samba: denial of service against AD DC WINS server

Assigner: redhat
Reserved: 26.02.2026 Published: 08.06.2026 Updated: 08.06.2026

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Product Status

Vendor    Product                                    Versions
Red Hat   Red Hat Enterprise Linux 10                Default: unknown
Red Hat   Red Hat Enterprise Linux 6                 Default: unknown
Red Hat   Red Hat Enterprise Linux 6                 Default: unknown
Red Hat   Red Hat Enterprise Linux 7                 Default: unknown
Red Hat   Red Hat Enterprise Linux 8                 Default: unknown
Red Hat   Red Hat Enterprise Linux 9                 Default: unknown
Red Hat   Red Hat OpenShift Container Platform 4     Default: unknown

Workarounds

As a workaround, deployments that do not strictly require Samba-provided WINS functionality should disable WINS support by removing "wins support = yes" from the Samba configuration.
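A check for the configuration this advisory describes, as an added example that is not part of the advisory or of Samba: it parses smb.conf text and reports whether the [global] section enables wins support while the server role is an AD DC. The function names and the sample configuration are constructed for illustration; files pulled in through include are not followed, only flagged.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}  # smb.conf boolean spellings
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}

def _norm(name):
    # smb.conf parameter names are case-insensitive and ignore embedded spaces
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return the [global] parameters of smb.conf text as {normalized_name: value}."""
    # Parameters before any section header are conservatively treated as global.
    params, section, pending = {}, "global", ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line = pending + stripped
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()   # the last assignment wins
    return params

def audit(text):
    """Report whether the config matches the setup the advisory describes."""
    p = global_params(text)
    wins = p.get("winssupport", "no").lower() in TRUE_VALUES
    role = " ".join(p.get("serverrole", "auto").lower().split())
    ad_dc = role in AD_DC_ROLES
    return {"wins_support": wins, "ad_dc": ad_dc,
            "affected_config": wins and ad_dc,
            "has_include": "include" in p}    # included files are not parsed

# Constructed sample configuration, not taken from a real host.
SAMPLE = """[global]
    server role = active directory domain controller
    Wins Support = Yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE.replace("    Wins Support", "    ; Wins Support")))
```

On a live host, `testparm -s` prints the effective configuration with includes resolved, and its output can be fed to `audit()` as text.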

Credits

  • Red Hat would like to thank Arad Inbar (DREAM Security Research Team), Ben Grinberg (DREAM Security Research Team), Erez Cohen (DREAM Security Research Team), and Nir Somech (DREAM Security Research Team) for reporting this issue.

Problem Types

  • NULL Pointer Dereference CWE