Skip to main content

Netatalk CVE-2026-44054

| EUVDEUVD-2026-31231 MEDIUM
Use of Insufficiently Random Values (CWE-330)
2026-05-21 securin GHSA-q5xh-737m-h26f
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:08 vuln.today

DescriptionCVE.org

In Netatalk 2.0.0 through 4.4.2, predictable afpd session token. Fixed in 4.4.3.

AnalysisAI

Predictable afpd session token generation in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to forecast or brute-force valid session identifiers within the Apple Filing Protocol daemon. Per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, the scored impact is limited to high availability disruption, though the reporter tag 'Information Disclosure' suggests potential session-hijacking consequences that may not be fully captured in the CVSS scoring - a discrepancy analysts should verify against the vendor advisory. No public exploit code or CISA KEV listing exists at time of analysis.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), enabling file sharing between macOS clients and Linux/Unix servers. The affected component is afpd, the AFP daemon responsible for managing client sessions. CWE-330 (Use of Insufficiently Random Values) identifies the root cause: session tokens generated by afpd during connection establishment rely on an insufficiently random or deterministic source, making them predictable to an observer. The affected CPE cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* spans the full Netatalk application across all platforms, covering versions 2.0.0 through 4.4.2. Predictable token flaws in session-oriented daemons typically enable session replay, fixation, or enumeration attacks that can impact confidentiality and integrity far beyond what this CVSS assignment reflects.

RemediationAI

Upgrade Netatalk to version 4.4.3, which is the vendor-confirmed fixed release per the advisory at https://netatalk.io/security/CVE-2026-44054. If an immediate upgrade is not feasible, restrict AFP daemon access to trusted network segments by applying firewall rules to limit TCP port 548 (AFP) to known, trusted client IP ranges - this reduces exposure to the PR:L authenticated attack surface. Additionally, disabling AFP entirely and migrating to SMB (Samba) or NFS for file sharing eliminates the attack surface completely, though this carries operational trade-offs for macOS client compatibility. Monitoring afpd session logs for anomalous token repetition or rapid session churn may help detect exploitation attempts in the interim.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

CVE-2026-44054 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy