Skip to main content

Netatalk CVE-2026-44056

| EUVDEUVD-2026-31235 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-05-21 securin GHSA-rcqv-jpc6-vw57
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

2
CVSS changed
May 21, 2026 - 08:22 NVD
6.0 (MEDIUM) 6.4 (MEDIUM)
Analysis Generated
May 21, 2026 - 08:08 vuln.today

DescriptionCVE.org

In Netatalk 1.3 through 4.2.2, stack buffer overflow in desktop.c. Fixed in 4.5.0.

AnalysisAI

Stack buffer overflow in Netatalk's desktop.c affects all versions from 1.3 through 4.2.2, allowing a network-reachable low-privilege authenticated attacker to crash the AFP service or potentially execute arbitrary code on the server. The vulnerability is rooted in improper bounds checking within AFP desktop database handling code and carries a CVSS score of 6.0 (Medium) with high availability impact as the most reliably achievable outcome. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the required high attack complexity materially limits real-world exploitation risk.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), used to provide macOS-compatible file sharing from Linux and Unix servers. The vulnerable component, desktop.c, handles AFP desktop database operations - a legacy feature that allows AFP clients to store metadata such as file icons and comments server-side. CWE-121 (Stack-based Buffer Overflow) identifies the root cause: data written to a stack-allocated buffer exceeds its bounds, potentially corrupting adjacent stack memory including return addresses or local variables, enabling denial of service or code execution. The CPE string cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* covers all platform variants of Netatalk across the affected version range. The CVSS vector (AV:N/AC:H/PR:L) is consistent with the AFP service being exposed over the network but requiring an established, authenticated AFP session to reach the desktop.c code path.

RemediationAI

Upgrade to Netatalk 4.5.0 or later - this is the vendor-released patch confirmed by the CVE description and the advisory at https://netatalk.io/security/CVE-2026-44056. Consult that advisory for release notes, as intermediate versions 4.3.x and 4.4.x are not confirmed as fixed. If immediate patching is not feasible, restrict AFP service access (TCP port 548) to trusted network segments or specific authorized hosts using firewall rules; this reduces exposure without disabling AFP entirely but does not eliminate the vulnerability for authenticated internal users. As a more aggressive workaround, disable AFP desktop database functionality if the feature is not operationally required, since the overflow resides in desktop.c - note this may break legacy macOS AFP metadata features for connected clients. Disabling the AFP service entirely eliminates exposure but prevents all macOS file sharing via AFP.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

CVE-2026-44056 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy