Skip to main content

Netatalk CVE-2026-44071

| EUVDEUVD-2026-31241 LOW
Protection Mechanism Failure (CWE-693)
2026-05-21 securin GHSA-jwvm-wx3q-6rjh
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:32 vuln.today

DescriptionCVE.org

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection.

AnalysisAI

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.

Technical ContextAI

Netatalk is an open-source Apple Filing Protocol (AFP) server enabling macOS-compatible file sharing on Linux and BSD systems, identified by CPE cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*. FORTIFY_SOURCE is a GCC/Clang compile-time hardening flag that instruments calls to unsafe C functions such as strcpy, memcpy, and sprintf with bounds-checking wrappers; when a buffer overrun is detected at runtime, the process is safely aborted before exploitation can proceed. CWE-693 (Protection Mechanism Failure) precisely classifies this issue: the protective control exists in the toolchain but was not activated during the build process, meaning any latent buffer-handling bugs in Netatalk's AFP parsing or file-sharing logic lose an important safety net. The practical consequence is that memory errors the runtime would otherwise catch and terminate safely can instead result in uncontrolled process crashes or undefined behavior.

RemediationAI

The primary remediation is to upgrade to a Netatalk release that is compiled with FORTIFY_SOURCE enabled; consult the vendor advisory at https://netatalk.io/security/CVE-2026-44071 for the confirmed fixed version, as the exact patched release is not specified in the available intelligence data. If upgrading immediately is not feasible, a compensating control is to restrict network access to the AFP service (typically TCP port 548) to trusted hosts only via firewall rules, reducing the network-accessible attack surface indicated by AV:N in the CVSS vector; note that this does not eliminate the underlying build hardening gap but substantially limits who can trigger it. Organizations building Netatalk from source should add -D_FORTIFY_SOURCE=2 (or =3 for GCC 12+) to their CFLAGS as an immediate mitigation; this has no known functional side effects for production AFP workloads.

CVE-2018-1160 CRITICAL POC
9.8 Dec 20

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), th

CVE-2022-45188 HIGH POC
7.8 Nov 12

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl fi

CVE-2023-42464 CRITICAL
9.8 Sep 20

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated c

CVE-2022-22995 CRITICAL
9.8 Mar 25

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of file

CVE-2021-31439 HIGH
8.8 May 21

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology Dis

CVE-2026-44069 LOW
3.9 May 21

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (App

CVE-2026-44074 LOW
3.7 May 21

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor servi

CVE-2026-44075 LOW
3.7 May 21

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_S

CVE-2026-7837 LOW
3.7 May 21

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file o

CVE-2026-44070 LOW
3.1 May 21

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to t

CVE-2026-7835 LOW
3.1 May 21

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-seve

CVE-2026-44057 LOW
3.1 May 21

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unm

Share

CVE-2026-44071 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy