CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding = true but never clears it on the error path. This leaves the connectio...

CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding = true but never clears it on the error path. This leaves the connectio...

Linux Distros Unpatched Vulnerability : CVE-2026-31409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding =...

curl: CVE-2026-5773: wrong reuse of SMB connection

A vulnerability was discovered in curl version 8.19.0 and earlier versions that support SMB. The vulnerability was due to the incorrect reuse of SMB connections across different shares on the same server. This led to data spoofing and access control bypass. The issue was caused by the lack of...

CVE-2026-23427

A flaw was found in ksmbd, a component within the Linux kernel that provides server message block SMB functionality. This vulnerability, known as a use-after-free, occurs when the system attempts to access memory after it has been released. A remote attacker could exploit this by sending speciall...

CVE-2026-31392

A flaw was found in the Linux kernel's Server Message Block SMB client. A local attacker, by attempting to mount SMB shares using Kerberos sec=krb5 with a specified username, could cause the client to incorrectly reuse an existing SMB session. This session reuse occurs even when a different...

CVE-2026-23428

A flaw was found in ksmbd, a component of the Linux kernel. This use-after-free vulnerability occurs during the processing of Server Message Block version 2 SMB2 compound requests. An attacker could exploit this by sending a specially crafted sequence of SMB2 commands, causing the system to attem...

HTTPS Fetch, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x86/peinject/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...

HTTPS Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...

PT-2026-29357

Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

Metasploit Wrap-Up 03/27/2026

Better NTLM Relaying Functionality This week’s release brings an improvement to the SMB NTLM relay server. In the past, it’s support has been expanded with modules for relaying to HTTP ESC8, MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clien...

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

SUSE-SU-2026:1089-1 Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40258: mptcp: fix race condition in...

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

...

Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...

SUSE-SU-2026:20946-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40214: afunix: Initialise sccindex in...

CVE-2026-23303

A flaw was found in the Linux kernel's Server Message Block SMB client. When debug logging is enabled, the cifssetcifscreds function logs plaintext credentials, including usernames and passwords. This information disclosure vulnerability allows a local attacker with access to the debug logs to...

CVE-2026-23282

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability occurs when the SMB client fails to properly initialize variables during certain connection operations, such as reconnecting. An uninitialized variable can then be used, leading to a kernel panic and causin...

CVE-2026-23282

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...