products / samba

Samba

Samba provides SMB/CIFS file sharing and Active Directory services on Unix-like systems. NVD uses cpe:2.3:a:samba:samba with one of the deepest SMB-related CVE histories in open source, including CISA KEV entries.

api usage

Querying Samba

product slugsamba

version format4.14.0, 4.20.0, semver

bash

curl "https://api.attestd.io/v1/check?product=samba&version=4.14.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

json

{
  "product": "samba",
  "version": "4.14.0",
  "supported": true,
  "risk_state": "critical",
  "risk_factors": [
    "remote_code_execution",
    "active_exploitation",
    "patch_available",
    "internet_exposed_service"
  ],
  "actively_exploited": true,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "4.14.5",
  "confidence": 0.9,
  "cve_ids": ["CVE-2021-44142", "CVE-2017-7494"],
  "last_updated": "2026-05-13T18:00:00Z",
  "supply_chain": null
}

safe version

bash

curl "https://api.attestd.io/v1/check?product=samba&version=4.20.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	CVSS
`CVE-2021-44142`	Heap out-of-bounds read/write in vfs_fruit (CISA KEV). Critical SMB attack surface.	9.9
`CVE-2017-7494`	EternalRed: remote code execution via writable share (CISA KEV, CVSS 9.8).	9.8

All products FreeIPA MIT Kerberos Response Field Reference