Platform

CVE-2026-2340

Discovered by AISLEPUBLISHED

Description

vfs_worm module that allows overwriting or deleting WORM-protected files via SMB rename with ReplaceIfExists=1, bypassing the intended immutability guarantee after the grace period

Severity

MEDIUM

4.3

CVSS Score

Timeline

Published: Jan 4, 2026
Reserved: —
Updated: —

Assigner

Organization: —
CNA: —

CVSS Base Scores

CVSS v3.1(Primary)

4.3

SOC 2
ISO 27001
ISO 42001

Solutions

Developer
Enterprise

Company

About Us
Careers
Contact
Trust Center
LinkedIn

Resources

Blog
Wall of Fame
CVE Hub
Open Source

Legal

Privacy Policy
Terms of Use
Cookie Policy
Limited Use Terms
Vulnerability Disclosure
AISLE Pro Terms of Use

SOC 2
ISO 27001
ISO 42001