Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-zfyb-9wrs-eyfx
Vulnerability ID VCID-zfyb-9wrs-eyfx
Aliases CVE-2015-5296
Summary Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-345 Insufficient Verification of Data Authenticity
System Score Found at
epss 0.03652 https://api.first.org/data/v1/epss?cve=CVE-2015-5296
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5296.json
https://api.first.org/data/v1/epss?cve=CVE-2015-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
1290292 https://bugzilla.redhat.com/show_bug.cgi?id=1290292
GLSA-201612-47 https://security.gentoo.org/glsa/201612-47
RHSA-2016:0006 https://access.redhat.com/errata/RHSA-2016:0006
RHSA-2016:0010 https://access.redhat.com/errata/RHSA-2016:0010
RHSA-2016:0011 https://access.redhat.com/errata/RHSA-2016:0011
RHSA-2016:0015 https://access.redhat.com/errata/RHSA-2016:0015
RHSA-2016:0016 https://access.redhat.com/errata/RHSA-2016:0016
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.88073
EPSS Score 0.03652
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:38.931146+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0