What is the CVSS score of CVE-2026-44076?

CVE-2026-44076 has a CVSS 3.1 base score of 6.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-44076?

Yes, a patch is available for CVE-2026-44076. Update the affected software to the latest version immediately.

Netatalk CVE-2026-44076

EUVD-2026-31219 MEDIUM

OS Command Injection (CWE-78)

2026-05-21 securin

GHSA-ffrg-fjv6-4h2r

Command Injection Suse

6.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 08:10 vuln.today

DescriptionNVD

In Netatalk 3.1.0 through 4.4.2, shell injection via volume path. Fixed in 4.4.3.

AnalysisAI

Shell injection in Netatalk 3.1.0 through 4.4.2 allows a high-privileged local attacker to execute arbitrary OS commands by embedding shell metacharacters in a configured volume path value. The flaw (CWE-78) arises because volume path strings are passed to a shell interpreter without sanitization, meaning any actor with write access to Netatalk's volume configuration can achieve full command execution under the Netatalk process context. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory