A critical vulnerability was discovered in Samba file servers and domain controllers that use the 'check password script' feature with %u substitution. Remote attackers can exploit improper escaping of shell meta-characters in client-controlled usernames to achieve remote command execution. The vulnerability primarily affects non-standard configurations where the check password script uses %u and samba-dcerpcd runs as a system service. This represents a significant security risk for affected Samba deployments.