In the Linux kernel, the following vulnerability has been resolved:
smb: client: Don't log plaintext credentials in cifs_set_cifscreds
When debug logging is enabled, cifs_set_cifscreds() logs the key
payload and exposes the plaintext username and password. Remove the
debug log to avoid exposing credentials.
| Score | Percentile |
|---|---|
| 0.01% | 3.45% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-7rpf-jpp6-g4v7 ↗ |
| CVE | CVE-2026-23303 ↗ |