Skip to main content

Netatalk CVE-2026-44074

| EUVDEUVD-2026-31247 LOW
Incorrect Calculation (CWE-682)
2026-05-21 securin GHSA-2pwf-3x8m-5x9q
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:32 vuln.today

DescriptionCVE.org

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.

AnalysisAI

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor service disruption by triggering simultaneous error conditions that produce invalid composite error codes via bitwise OR misuse. The flaw (CWE-682, Incorrect Calculation) diverts execution into incorrect error-handling paths within the AFP file-sharing service, affecting availability at a low level (A:L) with no confidentiality or integrity impact. No public exploit or active exploitation has been identified at time of analysis; the CVSS score of 3.7 (Low) and high attack complexity (AC:H) reflect a limited real-world threat.

Technical ContextAI

Netatalk is a widely deployed open-source implementation of the Apple Filing Protocol (AFP), enabling file-sharing between Unix/Linux servers and Apple macOS clients. The root cause is CWE-682 (Incorrect Calculation): the codebase erroneously combines multiple POSIX errno values using the bitwise OR operator when multiple error conditions occur simultaneously. In C/Unix programming, errno values are small distinct integers representing specific error states; ORing them together yields a nonsensical composite integer that does not map to any valid error code, causing the runtime to select an unintended error-handling branch. This is a coding logic error in the error-propagation layer of the application rather than a memory corruption or authentication bypass. The CPE identifier cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* spans the full Netatalk application suite across the affected version range.

RemediationAI

Consult the vendor security advisory at https://netatalk.io/security/CVE-2026-44074 for the official patch and confirmed fix version - a specific patched release number was not independently verifiable from the provided source data, so the advisory should be treated as the authoritative source. Organizations running Netatalk 2.1.0 through 4.4.2 should plan to upgrade to the vendor-confirmed fixed version; given the low CVSS score and high attack complexity, this does not warrant emergency patching in most environments. As a compensating control, restricting network access to the AFP service port (typically TCP 548) to trusted subnets or VLANs reduces the network attack surface, with the trade-off of limiting remote Apple client connectivity. If AFP is not required for a given host, disabling the Netatalk service entirely eliminates exposure with no functional side effects for non-AFP workloads.

CVE-2018-1160 CRITICAL POC
9.8 Dec 20

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), th

CVE-2022-45188 HIGH POC
7.8 Nov 12

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl fi

CVE-2023-42464 CRITICAL
9.8 Sep 20

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated c

CVE-2022-22995 CRITICAL
9.8 Mar 25

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of file

CVE-2021-31439 HIGH
8.8 May 21

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology Dis

CVE-2026-44069 LOW
3.9 May 21

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (App

CVE-2026-44071 LOW
3.7 May 21

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping aw

CVE-2026-44075 LOW
3.7 May 21

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_S

CVE-2026-7837 LOW
3.7 May 21

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file o

CVE-2026-44070 LOW
3.1 May 21

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to t

CVE-2026-7835 LOW
3.1 May 21

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-seve

CVE-2026-44057 LOW
3.1 May 21

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unm

Share

CVE-2026-44074 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy