Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 2.0.0 through 4.4.2, heap buffer overflow in cnid daemon comm_rcv(). Fixed in 4.4.3.
AnalysisAI
Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level privileges to corrupt memory across versions 2.0.0 through 4.4.2. Given the CVSS 9.9 score with scope change and high impact across confidentiality, integrity, and availability, successful exploitation likely leads to code execution in the daemon's context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, allowing Unix-like systems to act as file servers for Apple clients. The vulnerable component is the cnid_metad daemon, which manages Catalog Node ID (CNID) databases used to maintain persistent file identifiers across AFP sessions. The flaw is classified as CWE-122 (Heap-based Buffer Overflow) and occurs in comm_rcv(), the inter-process communication receive routine, where attacker-controlled input is written into a heap buffer without adequate length validation. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*, spanning every release from 2.0.0 through 4.4.2.
RemediationAI
Vendor-released patch: Netatalk 4.4.3, which contains the fix for comm_rcv() in the cnid_metad daemon - upgrade to this version or later as documented at https://netatalk.io/security/CVE-2026-44050. For appliance users (Synology, QNAP, etc.) where direct upgrade is not possible, monitor the vendor for a firmware update that incorporates 4.4.3 and apply it as soon as available. If immediate patching is not feasible, compensating controls include disabling the AFP service entirely (afpd and cnid_metad) where SMB or NFS can substitute, restricting AFP TCP port 548 to trusted client subnets at the network firewall, and removing untrusted user accounts from any AFP-enabled server since exploitation requires the low-privilege foothold indicated by PR:L. Trade-off: disabling AFP breaks legacy Mac client file sharing, and network restrictions do not protect against authenticated internal users.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31229
GHSA-8f3j-jffj-vg2m