Skip to main content

Netatalk CVE-2026-44058

| EUVDEUVD-2026-31234 HIGH
Improper Authentication (CWE-287)
2026-05-21 securin GHSA-3jh8-xjh7-hwv3
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Updated
May 21, 2026 - 08:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 21, 2026 - 08:22 vuln.today
cvss_changed
Severity Changed
May 21, 2026 - 08:22 NVD
MEDIUM HIGH
CVSS changed
May 21, 2026 - 08:22 NVD
6.4 (MEDIUM) 7.2 (HIGH)
Analysis Generated
May 21, 2026 - 08:08 vuln.today

DescriptionCVE.org

In Netatalk 2.2.2 through 4.4.2, authentication bypass via admin auth user. Fixed in 4.5.0.

AnalysisAI

Authentication bypass in Netatalk 2.2.2 through 4.4.2 allows attackers with high-privileged admin auth user credentials to circumvent authentication controls in this open-source AFP (Apple Filing Protocol) server implementation. The flaw, tracked as EUVD-2026-31234 and tagged as an Authentication Bypass weakness, carries a CVSS 7.2 (High) score and is fixed in version 4.5.0; no public exploit identified at time of analysis.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) that allows Unix and Linux systems to serve as file servers for macOS clients, commonly deployed on NAS appliances and Linux file shares. The vulnerability falls under CWE-287 (Improper Authentication), specifically an authentication bypass tied to the 'admin auth user' mechanism - a Netatalk feature that allows an administrative user to authenticate on behalf of other users. The CPE string cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* indicates the flaw spans the full Netatalk product line within the affected version range, suggesting the weakness exists in the core authentication module rather than a peripheral component.

RemediationAI

Upgrade to Netatalk 4.5.0 or later - this is the vendor-released patched version per the upstream advisory at https://netatalk.io/security/CVE-2026-44058. For deployments where immediate upgrade is not feasible (notably NAS appliances awaiting vendor firmware), compensating controls include disabling the admin auth user feature in afp.conf if it is not actively required (trade-off: loss of admin-on-behalf-of-user functionality used by some backup workflows), restricting AFP service exposure to trusted management networks via firewall rules on TCP/548 (trade-off: blocks legitimate remote Mac clients), and rotating credentials for any account configured as the admin auth user to limit the window for credential-based exploitation. Monitor downstream NAS vendor security bulletins for firmware updates that incorporate the 4.5.0 fix.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

CVE-2026-44058 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy