Skip to main content

Netatalk CVE-2026-7836

| EUVDEUVD-2026-31222 LOW
Incorrect Calculation (CWE-682)
2026-05-21 securin GHSA-766c-rr8x-xjvp
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:07 vuln.today

DescriptionCVE.org

In Netatalk 2.0.0 through 4.4.2, hextoint macro uppercase bug. Fixed in 4.5.0.

AnalysisAI

Incorrect hexadecimal-to-integer conversion in Netatalk 2.0.0 through 4.4.2 stems from a macro that fails to handle uppercase hex digits (A-F) correctly, producing wrong integer values during AFP protocol processing. An authenticated remote attacker with low privileges can exploit the flaw under high-complexity conditions to cause minor integrity corruption - for example, corrupted filename or attribute encoding. No public exploit code exists and the vulnerability is not listed in CISA KEV, making real-world exploitation unlikely in most environments. Fixed in Netatalk 4.5.0.

Technical ContextAI

Netatalk is an open-source Apple Filing Protocol (AFP) server implementation for Unix and Linux systems (CPE: cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*), enabling macOS and legacy Mac OS clients to mount remote file shares. CWE-682 (Incorrect Calculation) identifies the root cause: the 'hextoint' macro used internally for hex-to-integer conversion does not correctly handle uppercase hexadecimal digits (A-F), likely only processing lowercase equivalents (a-f). This produces arithmetically wrong integer results wherever the macro is invoked with uppercase hex input - a class of bug common in hand-rolled parsing utilities that bypass standard library functions like strtol(). The scope of impact depends on how broadly the macro is used across the AFP request-handling code paths.

RemediationAI

Vendor-released patch: Netatalk 4.5.0, which fixes the hextoint macro to correctly process uppercase hex digits. Administrators running any Netatalk release from 2.0.0 to 4.4.2 should upgrade to 4.5.0 as the primary remediation; see the vendor advisory at https://netatalk.io/security/CVE-2026-7836 for upgrade instructions. If an immediate upgrade is not feasible, a practical compensating control is to restrict AFP service access to trusted authenticated users only - since PR:L is required, reducing the pool of users with AFP login credentials limits exposure. Disabling AFP entirely in favor of SMB (Samba) where feasible eliminates the attack surface completely, though this may disrupt legacy macOS clients that rely on AFP. No known workaround addresses the macro-level bug without patching.

CVE-2018-1160 CRITICAL POC
9.8 Dec 20

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), th

CVE-2022-45188 HIGH POC
7.8 Nov 12

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl fi

CVE-2023-42464 CRITICAL
9.8 Sep 20

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated c

CVE-2022-22995 CRITICAL
9.8 Mar 25

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of file

CVE-2021-31439 HIGH
8.8 May 21

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology Dis

CVE-2026-44069 LOW
3.9 May 21

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (App

CVE-2026-44071 LOW
3.7 May 21

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping aw

CVE-2026-44074 LOW
3.7 May 21

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor servi

CVE-2026-44075 LOW
3.7 May 21

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_S

CVE-2026-7837 LOW
3.7 May 21

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file o

CVE-2026-44070 LOW
3.1 May 21

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to t

CVE-2026-7835 LOW
3.1 May 21

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-seve

Share

CVE-2026-7836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy