GCVE - cpe:2.3:a:https://github.com/kde/:smb4k:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:https://github.com/kde/:smb4k:*:*:*:*:*:*:*:*

part: a version: smb4k update: *

Vendor	Https (`d7181f43-5065-54de-83f7-090f042665aa`)
Product	//Github.Com/Kde/ (`5737baf3-b616-5421-a0dd-cd088eb14386`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-66003`	vulnerable	2026-06-03 15:09:40.754091	Local users can perform a local root exploit via smb4k mounthelper An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5. Published: 2026-01-08T14:58:46.292Z Updated: 2026-01-08T15:43:16.738Z Open on db.gcve.eu Reference links https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66003 https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-66002`	vulnerable	2026-06-03 15:09:40.753468	Local users can perform arbitrary unmounts via smb4k mount helper due to lack of input validation An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper Published: 2026-01-08T14:25:44.172Z Updated: 2026-01-08T15:55:57.881Z Open on db.gcve.eu Reference links https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002 https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.