Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-94d3-5rgf-x3dh
Vulnerability ID VCID-94d3-5rgf-x3dh
Aliases CVE-2015-7560
Summary The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-284 Improper Access Control
System Score Found at
epss 0.03995 https://api.first.org/data/v1/epss?cve=CVE-2015-7560
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7560.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771
1309992 https://bugzilla.redhat.com/show_bug.cgi?id=1309992
RHSA-2016:0447 https://access.redhat.com/errata/RHSA-2016:0447
RHSA-2016:0448 https://access.redhat.com/errata/RHSA-2016:0448
RHSA-2016:0449 https://access.redhat.com/errata/RHSA-2016:0449
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.88627
EPSS Score 0.03995
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:39.148285+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0