What is CVE-2026-12249?

CVE-2026-12249 is a critical-severity vulnerability in Canonical Ubuntu 20.04 Lts, classified under CWE-348. CVSS score: 9.0/10. Published 2026-06-22.

How severe is CVE-2026-12249?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in Canonical Ubuntu 20.04 Lts

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendo…

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Canonical Ubuntu 20.04 Lts — versions 0.9.2~20.04.2ubuntu0.1+esm2
Canonical Ubuntu 22.04 Lts — versions 0.16.3~22.04.2ubuntu0.22.04.1
Canonical Ubuntu 24.04 Lts — versions 0.16.3~24.04.2ubuntu0.24.04.1
Canonical Ubuntu 25.10 — versions 0.16.3
Canonical Ubuntu 26.04 Lts — versions 0.16.4ubuntu1

Weakness classification (CWE)

CWE-348

References

security@ubuntu.com (issue-tracking, vdb-entry)
security@ubuntu.com (patch)

Frequently asked questions

What is CVE-2026-12249?: CVE-2026-12249 is a critical-severity vulnerability in Canonical Ubuntu 20.04 Lts, classified under CWE-348. CVSS score: 9.0/10. Published 2026-06-22.
How severe is CVE-2026-12249?: Critical severity. CVSS v3 base score is 9.0 out of 10.