Cyber Posture

CVE-2026-3012

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 27 May 2026

Published
27 May 2026
Modified
27 May 2026
KEV Added
Patch
CVSS Score 8.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0000 0.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3012 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Samba (inferred from references). Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 0.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

PT-8 Computer Matching Requirements
addresses: CWE-345

Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.

SC-17 Public Key Infrastructure Certificates
addresses: CWE-345

Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.

SC-20 Secure Name/Address Resolution Service (Authoritative Source)
addresses: CWE-345

Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.

SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)
addresses: CWE-345

Requires explicit verification of data authenticity from authoritative sources, preventing acceptance of unauthenticated resolution responses.

SC-33 Transmission Preparation Integrity
addresses: CWE-345

Control requires verification of data authenticity/integrity (e.g., checksums) after aggregation/packing, directly reducing exploitation of insufficient verification before transmission.

SC-45 System Time Synchronization
addresses: CWE-345

Time synchronization supports reliable freshness verification when checking data authenticity across systems or components.

SI-7 Software, Firmware, and Information Integrity
addresses: CWE-345

Mandates verification of data authenticity for software, firmware, and information.

SR-4 Provenance
addresses: CWE-345

Provenance documentation and monitoring directly enables verification of authenticity for components and data throughout their history.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
attack.mitre.org →
Why these techniques?

Vulnerability enables MITM via unverified malicious CA cert injection over HTTP.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker…

more

with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-345
OWASP Top 10 Web 2025
A08:2025

Affected Products

Samba
inferred from references and description; NVD did not file a CPE for this CVE

EU & UK References

References