{"id":"CVE-2026-23303","summary":"smb: client: Don't log plaintext credentials in cifs_set_cifscreds","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Don't log plaintext credentials in cifs_set_cifscreds\n\nWhen debug logging is enabled, cifs_set_cifscreds() logs the key\npayload and exposes the plaintext username and password. Remove the\ndebug log to avoid exposing credentials.","modified":"2026-04-02T13:12:20.655028Z","published":"2026-03-25T10:26:58.166Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23303.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ef0fc3bf49db2b9df36d5f44508c9e384bfa2a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3990f352bb0adc8688d0949a9c13e3110570eb61"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e182701db612ddd794ccd5ed822e6cc1db2b972"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b746a357abfb8fdb0a171d51ec5091e786d34be1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff0ece8ed04180c52167c003362284b23cf54e8d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23303.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23303"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8a8798a5ff90977d6459ce1d657cf8fe13a51e97"},{"fixed":"ff0ece8ed04180c52167c003362284b23cf54e8d"},{"fixed":"3990f352bb0adc8688d0949a9c13e3110570eb61"},{"fixed":"b746a357abfb8fdb0a171d51ec5091e786d34be1"},{"fixed":"2ef0fc3bf49db2b9df36d5f44508c9e384bfa2a1"},{"fixed":"3e182701db612ddd794ccd5ed822e6cc1db2b972"},{"fixed":"2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23303.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.3.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23303.json"}}],"schema_version":"1.7.5"}