Samba vulnerabilities: known CVEs & security history
Samba · Actively exploited · 215 tracked CVEs · 2 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Samba release lines — 215 in total, with 2 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Samba's current status and the safe version to run.
Known Samba CVEs
Actively-exploited and most-severe first. Showing the top 80 of 215. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2017-7494⚡ exploited | critical | 9.8 | 99% | 2017 |
| CVE-2020-1472⚡ exploited | medium | 5.5 | 100% | 2020 |
| CVE-2022-45141 | critical | 9.8 | 0% | 2023 |
| CVE-2022-44640 | critical | 9.8 | 2% | 2022 |
| CVE-2017-14746 | critical | 9.8 | 10% | 2017 |
| CVE-2023-3961 | critical | 9.1 | 2% | 2023 |
| CVE-2026-4408 | critical | 9 | 2% | 2026 |
| CVE-2026-4480 | critical | 9 | 1% | 2026 |
| CVE-2015-0240 | high | 10 | 89% | 2015 |
| CVE-2012-1182 | high | 10 | 74% | 2012 |
| CVE-2007-2446 | high | 10 | 78% | 2007 |
| CVE-2004-0882 | high | 10 | 14% | 2005 |
| CVE-2004-1154 | high | 10 | 13% | 2005 |
| CVE-2004-0600 | high | 10 | 29% | 2004 |
| CVE-2003-0196 | high | 10 | 23% | 2003 |
| CVE-2003-0201 | high | 10 | 85% | 2003 |
| CVE-2003-0085 | high | 10 | 88% | 2003 |
| CVE-2002-1318 | high | 10 | 52% | 2002 |
| CVE-2001-1162 | high | 10 | 12% | 2001 |
| CVE-1999-0810 | high | 10 | 2% | 1999 |
| CVE-1999-0182 | high | 10 | 10% | 1997 |
| CVE-2009-1886 | high | 9.3 | 12% | 2009 |
| CVE-2007-6015 | high | 9.3 | 27% | 2007 |
| CVE-2007-4572 | high | 9.3 | 6% | 2007 |
| CVE-2007-5398 | high | 9.3 | 11% | 2007 |
| CVE-2004-2687 | high | 9.3 | 81% | 2004 |
| CVE-2011-2411 | high | 9 | 6% | 2011 |
| CVE-2022-42898 | high | 8.8 | 6% | 2022 |
| CVE-2022-0336 | high | 8.8 | 1% | 2022 |
| CVE-2022-32744 | high | 8.8 | 1% | 2022 |
| CVE-2022-2031 | high | 8.8 | 1% | 2022 |
| CVE-2020-25721 | high | 8.8 | 2% | 2022 |
| CVE-2021-3738 | high | 8.8 | 2% | 2022 |
| CVE-2021-44142 | high | 8.8 | 74% | 2022 |
| CVE-2020-25722 | high | 8.8 | 2% | 2022 |
| CVE-2020-25718 | high | 8.8 | 2% | 2022 |
| CVE-2016-2123 | high | 8.8 | 6% | 2018 |
| CVE-2018-1057 | high | 8.8 | 10% | 2018 |
| CVE-2014-8143 | high | 8.5 | 4% | 2015 |
| CVE-2010-0728 | high | 8.5 | 4% | 2010 |
| CVE-2008-4314 | high | 8.5 | 4% | 2008 |
| CVE-2013-4408 | high | 8.3 | 3% | 2013 |
| CVE-2022-38023 | high | 8.1 | 3% | 2022 |
| CVE-2022-37966 | high | 8.1 | 3% | 2022 |
| CVE-2022-32745 | high | 8.1 | 1% | 2022 |
| CVE-2020-25717 | high | 8.1 | 2% | 2022 |
| CVE-2018-1139 | high | 8.1 | 3% | 2018 |
| CVE-2017-11103 | high | 8.1 | 5% | 2017 |
| CVE-2026-3012 | high | 8 | 0% | 2026 |
| CVE-2014-3560 | high | 7.9 | 56% | 2014 |
| CVE-2012-0870 | high | 7.9 | 7% | 2012 |
| CVE-1999-0812 | high | 7.6 | 1% | 2000 |
| CVE-2023-4154 | high | 7.5 | 1% | 2023 |
| CVE-2023-34966 | high | 7.5 | 62% | 2023 |
| CVE-2022-32743 | high | 7.5 | 1% | 2022 |
| CVE-2021-23192 | high | 7.5 | 2% | 2022 |
| CVE-2020-27840 | high | 7.5 | 4% | 2021 |
| CVE-2021-20277 | high | 7.5 | 4% | 2021 |
| CVE-2020-10745 | high | 7.5 | 4% | 2020 |
| CVE-2020-14303 | high | 7.5 | 4% | 2020 |
| CVE-2020-10704 | high | 7.5 | 3% | 2020 |
| CVE-2018-16860 | high | 7.5 | 2% | 2019 |
| CVE-2018-16853 | high | 7.5 | 3% | 2018 |
| CVE-2017-2619 | high | 7.5 | 11% | 2018 |
| CVE-2017-15275 | high | 7.5 | 21% | 2017 |
| CVE-2016-2119 | high | 7.5 | 3% | 2016 |
| CVE-2016-2118 | high | 7.5 | 37% | 2016 |
| CVE-2015-8467 | high | 7.5 | 3% | 2015 |
| CVE-2015-7540 | high | 7.5 | 7% | 2015 |
| CVE-2015-5330 | high | 7.5 | 6% | 2015 |
| CVE-2010-3069 | high | 7.5 | 11% | 2010 |
| CVE-2010-2063 | high | 7.5 | 79% | 2010 |
| CVE-2008-1105 | high | 7.5 | 69% | 2008 |
| CVE-2007-0454 | high | 7.5 | 6% | 2007 |
| CVE-2004-0815 | high | 7.5 | 5% | 2004 |
| CVE-2004-0082 | high | 7.5 | 3% | 2004 |
| CVE-2003-1332 | high | 7.5 | 5% | 2003 |
| CVE-2002-2196 | high | 7.5 | 7% | 2002 |
| CVE-2000-0937 | high | 7.5 | 8% | 2000 |
| CVE-2018-16857 | high | 7.4 | 2% | 2018 |
135 older / lower-severity CVEs not shown — see Samba's full record.
Is my Samba version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Samba version → · Monitor Samba for new CVEs →
Samba vulnerabilities — frequently asked
How many known vulnerabilities does Samba have?
IsItPatched tracks 215 CVEs for Samba, 2 of which are actively exploited (CISA KEV). 7 are critical-severity and 82 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Samba have any actively-exploited vulnerabilities?
Yes — 2 Samba CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (2 linked to ransomware). Patch these as a priority.
What is the most severe Samba vulnerability?
Among tracked issues, CVE-2017-7494 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Code injection weakness.
Is Samba safe to use?
It depends on the version. The latest supported Samba release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Samba security status · Samba end-of-life · actively-exploited CVEs. Always verify against Samba's advisories — see our disclaimer.