Skip to main content

Netatalk CVE-2026-44052

| EUVD-2026-31227 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-05-21 securin GHSA-j6x4-pjr7-hwq4
Information Disclosure Suse
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:02 vuln.today

DescriptionNVD

In Netatalk 2.1.0 through 4.4.2, ldap simple-bind password exposure in log output. Fixed in 4.4.3.

AnalysisAI

Information disclosure in Netatalk 2.1.0 through 4.4.2 exposes LDAP simple-bind passwords in log files, allowing any actor with read access to the affected logs to recover plaintext directory service credentials. The flaw is fixed in version 4.4.3, and no public exploit identified at time of analysis, though the CVSS 7.5 score reflects the high confidentiality impact of leaked bind credentials.

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: identify all systems running Netatalk and determine current versions. Within 7 days: upgrade affected systems to Netatalk 4.4.3 or later, and review file system access controls on log directories to restrict unauthorized log access. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-9256 HIGH
8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

Share

CVE-2026-44052 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy