Skip to main content

Netatalk EUVDEUVD-2026-31212

| CVE-2026-44066 HIGH
Out-of-bounds Read (CWE-125)
2026-05-21 securin GHSA-93hj-5v8r-h26w
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:04 vuln.today

DescriptionCVE.org

In Netatalk 3.1.0 through 4.4.2, heap out-of-bounds reads in spotlight rpc unmarshalling. Fixed in 4.4.3.

AnalysisAI

Heap out-of-bounds read in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to disclose sensitive memory contents and potentially crash the daemon by sending malformed Spotlight RPC requests. The flaw stems from improper bounds checking during Spotlight RPC unmarshalling and is fixed in version 4.4.3. No public exploit identified at time of analysis, and there is no evidence of active exploitation in CISA KEV.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) used to provide file-sharing services to macOS clients on Linux/BSD/Unix servers, commonly deployed on NAS appliances (Synology, QNAP, TrueNAS) and Time Machine backup targets. The vulnerable code path resides in the Spotlight RPC subsystem, which Netatalk exposes to allow macOS clients to perform server-side metadata searches via the same AFP/DSI session. CWE-125 (Out-of-bounds Read) here describes a parser that consumes attacker-controlled length or offset fields from a serialized Spotlight RPC message and reads heap memory past the bounds of the intended buffer, leaking adjacent heap contents or triggering a segmentation fault. The affected CPE is cpe:2.3:a:netatalk:netatalk for all versions in the 3.1.0-4.4.2 range.

RemediationAI

Vendor-released patch: Netatalk 4.4.3 - upgrade to this version or later, per the upstream advisory at https://netatalk.io/security/CVE-2026-44066. On appliances where you cannot immediately install 4.4.3 (NAS firmware that bundles Netatalk), the most effective compensating control is to disable Spotlight indexing in afp.conf by removing 'spotlight = yes' from the [Global] or per-volume sections and restarting afpd; this eliminates the vulnerable RPC handler at the cost of losing server-side macOS search. Where Spotlight cannot be disabled, restrict afpd's TCP port 548 to trusted client subnets via firewall rules and require strong AFP authentication to raise the bar against the PR:L precondition, accepting that any compromised user account is still sufficient to trigger the bug. Monitor vendor firmware channels (Synology, QNAP, TrueNAS, Debian/Ubuntu security trackers) for backported fixes referencing CVE-2026-44066.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

EUVD-2026-31212 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy