Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In Netatalk 2.2.2 through 4.4.2, authentication bypass via admin auth user. Fixed in 4.5.0.
AnalysisAI
Authentication bypass in Netatalk 2.2.2 through 4.4.2 allows attackers with high-privileged admin auth user credentials to circumvent authentication controls in this open-source AFP (Apple Filing Protocol) server implementation. The flaw, tracked as EUVD-2026-31234 and tagged as an Authentication Bypass weakness, carries a CVSS 7.2 (High) score and is fixed in version 4.5.0; no public exploit identified at time of analysis.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) that allows Unix and Linux systems to serve as file servers for macOS clients, commonly deployed on NAS appliances and Linux file shares. The vulnerability falls under CWE-287 (Improper Authentication), specifically an authentication bypass tied to the 'admin auth user' mechanism - a Netatalk feature that allows an administrative user to authenticate on behalf of other users. The CPE string cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* indicates the flaw spans the full Netatalk product line within the affected version range, suggesting the weakness exists in the core authentication module rather than a peripheral component.
RemediationAI
Upgrade to Netatalk 4.5.0 or later - this is the vendor-released patched version per the upstream advisory at https://netatalk.io/security/CVE-2026-44058. For deployments where immediate upgrade is not feasible (notably NAS appliances awaiting vendor firmware), compensating controls include disabling the admin auth user feature in afp.conf if it is not actively required (trade-off: loss of admin-on-behalf-of-user functionality used by some backup workflows), restricting AFP service exposure to trusted management networks via firewall rules on TCP/548 (trade-off: blocks legitimate remote Mac clients), and rotating credentials for any account configured as the admin auth user to limit the window for credential-based exploitation. Monitor downstream NAS vendor security bulletins for firmware updates that incorporate the 4.5.0 fix.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31234
GHSA-3jh8-xjh7-hwv3