CVE-2026-23303Plaintext Storage of a Password in Linux

CWE-256Plaintext Storage of a Password9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing credentials.

Affected Packages3 packages

Linuxlinux/linux_kernel3.3.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux8a8798a5ff90977d6459ce1d657cf8fe13a51e97ff0ece8ed04180c52167c003362284b23cf54e8d+6

🔴Vulnerability Details

4
GHSA
GHSA-7rpf-jpp6-g4v7: In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug lo2026-03-25
OSV
smb: client: Don't log plaintext credentials in cifs_set_cifscreds2026-03-25
CVEList
smb: client: Don't log plaintext credentials in cifs_set_cifscreds2026-03-25
OSV
CVE-2026-23303: In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logg2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: smb: client: Don't log plaintext credentials in cifs_set_cifscreds2026-03-25
Microsoft
smb: client: Don't log plaintext credentials in cifs_set_cifscreds2026-03-10
Debian
CVE-2026-23303: linux - In the Linux kernel, the following vulnerability has been resolved: smb: client...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23303 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23303 — Plaintext Storage of a Password | cvebase