Skip to main content

Netatalk CVE-2026-7837

| EUVD-2026-31245 LOW
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-05-21 securin GHSA-m59f-94xh-r8f7
Information Disclosure
3.7
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:33 vuln.today

DescriptionNVD

A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.

AnalysisAI

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file operations to remote manipulation, enabling limited data modification under constrained timing conditions. Unauthenticated network attackers (PR:N, AV:N per CVSS) must win a precise race window, making this high-complexity and low-impact - CVSS scores it 3.7 (Low) with integrity-only consequences and no confidentiality or availability impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7837 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy