Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.
AnalysisAI
Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor service disruption by triggering simultaneous error conditions that produce invalid composite error codes via bitwise OR misuse. The flaw (CWE-682, Incorrect Calculation) diverts execution into incorrect error-handling paths within the AFP file-sharing service, affecting availability at a low level (A:L) with no confidentiality or integrity impact. No public exploit or active exploitation has been identified at time of analysis; the CVSS score of 3.7 (Low) and high attack complexity (AC:H) reflect a limited real-world threat.
Technical ContextAI
Netatalk is a widely deployed open-source implementation of the Apple Filing Protocol (AFP), enabling file-sharing between Unix/Linux servers and Apple macOS clients. The root cause is CWE-682 (Incorrect Calculation): the codebase erroneously combines multiple POSIX errno values using the bitwise OR operator when multiple error conditions occur simultaneously. In C/Unix programming, errno values are small distinct integers representing specific error states; ORing them together yields a nonsensical composite integer that does not map to any valid error code, causing the runtime to select an unintended error-handling branch. This is a coding logic error in the error-propagation layer of the application rather than a memory corruption or authentication bypass. The CPE identifier cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* spans the full Netatalk application suite across the affected version range.
RemediationAI
Consult the vendor security advisory at https://netatalk.io/security/CVE-2026-44074 for the official patch and confirmed fix version - a specific patched release number was not independently verifiable from the provided source data, so the advisory should be treated as the authoritative source. Organizations running Netatalk 2.1.0 through 4.4.2 should plan to upgrade to the vendor-confirmed fixed version; given the low CVSS score and high attack complexity, this does not warrant emergency patching in most environments. As a compensating control, restricting network access to the AFP service port (typically TCP 548) to trusted subnets or VLANs reduces the network attack surface, with the trade-off of limiting remote Apple client connectivity. If AFP is not required for a given host, disabling the Netatalk service entirely eliminates exposure with no functional side effects for non-AFP workloads.
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), th
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl fi
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated c
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of file
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology Dis
Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (App
Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping aw
Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_S
TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file o
Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to t
Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-seve
Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unm
Same weakness CWE-682 – Incorrect Calculation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31247
GHSA-2pwf-3x8m-5x9q