CVE-2026-23303 in Linux Kernel
Summary
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing credentials.
Responsible
Linux
Reservation
01/13/2026
Disclosure
03/25/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 353070 | Linux Kernel smb cifs_set_cifscreds debug log file | 534 | 3.3 | 3.2 | $0-$5k | $0-$5k | Not defined | 0.00024 | 1.24 | Official fix | CVE-2026-23303 |