What is the CVSS score of CVE-2026-44058?

CVE-2026-44058 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Netatalk are affected by CVE-2026-44058?

Netatalk AFP servers in versions 2.2.2 through 4.4.2 contain an authentication bypass vulnerability (CVSS 7.2) that could allow compromised administrator accounts to access unauthorized file shares.. A patch is available.

Netatalk CVE-2026-44058

EUVD-2026-31234 HIGH

Improper Authentication (CWE-287)

2026-05-21 securin

GHSA-3jh8-xjh7-hwv3

Authentication Bypass Suse

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

May 21, 2026 - 08:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 21, 2026 - 08:22 vuln.today

cvss_changed

Severity Changed

May 21, 2026 - 08:22 NVD

MEDIUM HIGH

CVSS changed

May 21, 2026 - 08:22 NVD

6.4 (MEDIUM) 7.2 (HIGH)

Analysis Generated

May 21, 2026 - 08:08 vuln.today

DescriptionNVD

In Netatalk 2.2.2 through 4.4.2, authentication bypass via admin auth user. Fixed in 4.5.0.

AnalysisAI

Authentication bypass in Netatalk 2.2.2 through 4.4.2 allows attackers with high-privileged admin auth user credentials to circumvent authentication controls in this open-source AFP (Apple Filing Protocol) server implementation. The flaw, tracked as EUVD-2026-31234 and tagged as an Authentication Bypass weakness, carries a CVSS 7.2 (High) score and is fixed in version 4.5.0; no public exploit identified at time of analysis.

RemediationAI

24 hours: Identify all systems running Netatalk 2.2.2-4.4.2 using asset inventory; enable detailed administrative access logging on affected AFP servers. 7 days: Upgrade Netatalk to version 4.5.0 or later on all identified systems; rotate all administrative account credentials during upgrade windows. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-44058 vulnerability details – vuln.today

Back

Netatalk CVE-2026-44058

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code