Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 2.1.0 through 4.4.2, ldap filter injection. Fixed in 4.5.0.
AnalysisAI
LDAP filter injection in Netatalk 2.1.0 through 4.4.2 enables an authenticated remote attacker to manipulate LDAP query logic, potentially reading or modifying directory entries beyond their authorization scope. The CVSS score of 4.2 (Medium) reflects real but bounded impact - high attack complexity and a requirement for low-privilege authentication constrain opportunistic exploitation. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) that optionally integrates with LDAP for centralized user authentication and directory lookups. CWE-90 (Improper Neutralization of Special Elements in an LDAP Query) identifies the root cause: user-controlled input is incorporated into LDAP filter strings without adequate sanitization, allowing injection of LDAP metacharacters that alter query semantics. The affected product is identified by CPE cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* spanning versions 2.1.0 through 4.4.2. Successful exploitation depends on the LDAP code path being reachable, which is only the case when the administrator has explicitly enabled LDAP integration in Netatalk's configuration.
RemediationAI
Upgrade to Netatalk 4.5.0, which is the vendor-confirmed fix version per the advisory at https://netatalk.io/security/CVE-2026-44063. If an immediate upgrade is not feasible, disable LDAP authentication integration in Netatalk's configuration (typically via the afp.conf or equivalent daemon configuration file) and revert to local account authentication - note this trade-off eliminates centralized directory-based user management and may disrupt existing workflows. Additionally, restricting AFP service exposure to trusted internal network segments or VPN tunnels reduces the network attack surface, particularly given the AV:N vector.
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerabi
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows at
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6
Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p
Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90)
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&i
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the P
Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP au
Same weakness CWE-90 – LDAP Injection
View allSame technique Code Injection
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31238
GHSA-h47x-56q8-mw44