Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
In Netatalk 2.2.5 through 4.4.2, non-reentrant privilege toggle. Fixed in 4.5.0.
AnalysisAI
Race condition in Netatalk's privilege toggle mechanism exposes AFP file server hosts to local privilege abuse across versions 2.2.5 through 4.4.2. The non-reentrant privilege toggle function can be exploited by a low-privileged local user who wins a narrow timing window to read, modify, or disrupt data at a transiently elevated privilege level. No public exploit code exists and the issue is not listed in CISA KEV; real-world risk is constrained by the requirement for local access and high attack complexity. Vendor-released patch is available in version 4.5.0.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), enabling Unix-like systems to serve files to macOS clients. The affected component is a privilege toggle routine - code that switches the process between elevated and normal privilege states (e.g., via seteuid/setuid calls) to perform operations requiring temporary elevation. CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization) describes the root cause: the toggle function is not reentrant, meaning if two execution paths enter it simultaneously, one thread can observe or operate under an elevated privilege state intended only for the other. The CPE string cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* confirms all builds of the netatalk application package from 2.2.5 through 4.4.2 are affected, regardless of platform variant.
RemediationAI
Vendor-released patch: 4.5.0. Upgrade Netatalk to version 4.5.0 or later, as confirmed by the vendor advisory at https://netatalk.io/security/CVE-2026-44059. For systems that cannot be immediately patched, restrict shell and local system access to the Netatalk server host to only trusted, authorized users - this directly eliminates the PR:L requirement. As an additional compensating control, consider running the Netatalk daemon under a dedicated, minimally privileged service account to reduce the privilege delta exploitable via the race window; note this may require reconfiguring share permissions. Disabling AFP shares entirely and migrating to SMB (Samba) is a viable architectural mitigation for environments where AFP is not strictly required, though this has operational impact for macOS clients using legacy AFP mounts.
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31233
GHSA-87m3-6mhh-2gj7