Windows has stopped reusing machine accounts in October 2022 per https://twitter.com/brdpoker/status/1579962197362769921 and https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8 Samba should do the same. A user who owns an account is very powerful over that account, so is is not safe to attempt to reset an existing account.
CVE-2022-38042 is the Microsoft CVE for this issue. As this is the same protocol the same CVE applies. The MS-given CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H looks reasonable.
(In reply to Andrew Bartlett from comment #2) The MS CVSS3.1 score calculates to 7.1 (HIGH)