What is the CVSS score of CVE-2026-44054?

CVE-2026-44054 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Is there a patch available for CVE-2026-44054?

Yes, a patch is available for CVE-2026-44054. Update the affected software to the latest version immediately.

Netatalk CVE-2026-44054

EUVD-2026-31231 MEDIUM

Use of Insufficiently Random Values (CWE-330)

2026-05-21 securin

GHSA-q5xh-737m-h26f

Information Disclosure Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 08:08 vuln.today

DescriptionNVD

In Netatalk 2.0.0 through 4.4.2, predictable afpd session token. Fixed in 4.4.3.

AnalysisAI

Predictable afpd session token generation in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to forecast or brute-force valid session identifiers within the Apple Filing Protocol daemon. Per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, the scored impact is limited to high availability disruption, though the reporter tag 'Information Disclosure' suggests potential session-hijacking consequences that may not be fully captured in the CVSS scoring - a discrepancy analysts should verify against the vendor advisory. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory