Skip to main content

Netatalk CVE-2026-44073

| EUVDEUVD-2026-31220 MEDIUM
Improper Check for Dropped Privileges (CWE-273)
2026-05-21 securin GHSA-pc7p-8fgv-4x9c
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
SUSE
7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
CVSS changed
May 21, 2026 - 08:22 NVD
4.0 (MEDIUM) 5.0 (MEDIUM)
Analysis Generated
May 21, 2026 - 08:09 vuln.today

DescriptionCVE.org

In Netatalk 1.5.0 through 4.4.2, seteuid failure ignored in auth modules. Fixed in 4.5.0.

AnalysisAI

Privilege retention in Netatalk 1.5.0 through 4.4.2 results from auth modules silently ignoring failures of the seteuid() system call, allowing an authenticated network attacker to operate with unintended elevated privileges. When seteuid() fails-due to resource exhaustion, OS limits, or specific system configurations-the process continues execution under its original (higher) UID rather than the intended reduced privilege level, exposing file system objects or operations the user should not access. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV, but the vendor has confirmed the flaw and released a fix in version 4.5.0.

Technical ContextAI

Netatalk is an open-source AFP (Apple Filing Protocol) server widely used for macOS-to-Linux file sharing. The vulnerability maps to CWE-273 (Improper Check for Dropped Privileges): POSIX systems use seteuid() to temporarily lower a process's effective user ID before performing operations on behalf of a less-privileged user. If seteuid() fails-which can occur when the process has reached OS-imposed UID transition limits or encounters internal errors-correct code must abort or handle the error. Netatalk's auth modules fail to check the return value, so subsequent file or authentication operations execute under the original elevated UID instead of the caller's restricted UID. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* spanning versions 1.5.0 to 4.4.2, as confirmed by ENISA EUVD-2026-31220.

RemediationAI

Upgrade Netatalk to version 4.5.0, which addresses the seteuid return-value check in auth modules, per the vendor advisory at https://netatalk.io/security/CVE-2026-44073. This is the only confirmed remediation. If immediate upgrade is not possible, restrict AFP server access to fully trusted users only by enforcing network-level controls (firewall rules limiting AFP port 548 to known, trusted IP ranges), which reduces the pool of potential authenticated attackers who could trigger the condition. Additionally, consider disabling Netatalk services on hosts where AFP sharing is not operationally required. Note that network restriction does not eliminate the vulnerability-it only narrows the attacker population; it does not prevent a legitimate but malicious authenticated user from attempting exploitation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

CVE-2026-44073 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy