if the owner of a file has exec permission, then cifs vfs seems to generally grants exec permission on files where ACL does not actually grant exec permission.
bjacke@cifstest1:/mnt3/a$ getcifsacl test.txt
I'm connected with a user who is just in the Users group and I *can* execute the test.txt file. This should not be allowed. Only Administrator (S-1-5-21-4207148185-4040488370-1588356217-500) has execute permission according to the ACL.