Security flaw introduced in Samba 4.9.0, released on September 13, 2018, can be leveraged under certain conditions. The problem arises from the failure to reset the cache that keeps track of successful directory changes. The vulnerability does not affect the Unix permission checks in the kernel. The severity level is borderline critical, as the calculated score by Samba maintainers is 8.7.7. The fix is now available with a fix for CVE-2019-10197, and admins are advised to apply the latest stable releases.
Source: https://www.bleepingcomputer.com/news/security/year-old-samba-bug-allows-access-to-forbidden-root-share-paths/