Skip to main content

Netatalk EUVDEUVD-2026-31227

| CVE-2026-44052 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-05-21 securin GHSA-j6x4-pjr7-hwq4
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:02 vuln.today

DescriptionCVE.org

In Netatalk 2.1.0 through 4.4.2, ldap simple-bind password exposure in log output. Fixed in 4.4.3.

AnalysisAI

Information disclosure in Netatalk 2.1.0 through 4.4.2 exposes LDAP simple-bind passwords in log files, allowing any actor with read access to the affected logs to recover plaintext directory service credentials. The flaw is fixed in version 4.4.3, and no public exploit identified at time of analysis, though the CVSS 7.5 score reflects the high confidentiality impact of leaked bind credentials.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, used to provide file and print services to macOS/Apple clients from Unix-like servers. When configured with LDAP-based user lookups (commonly via afpd's UAMs or auxiliary modules), Netatalk performs an LDAP simple-bind, which transmits the bind DN's password as cleartext over the LDAP connection. The CWE-532 (Insertion of Sensitive Information into Log File) root cause means the daemon writes this simple-bind password into its log output rather than redacting it, so the secret persists wherever logs are collected (local syslog, rsyslog forwarders, SIEM indexes, log archives). The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*, with the vendor advisory at netatalk.io/security/CVE-2026-44052 designating the 4.4.x branch as the supported fix line.

RemediationAI

Vendor-released patch: Netatalk 4.4.3 - upgrade to this version per the advisory at https://netatalk.io/security/CVE-2026-44052 to ensure simple-bind passwords are redacted from log output. As an immediate compensating control before upgrade, rotate the LDAP bind account password (since prior log contents may already contain it), restrict file-system and SIEM permissions on any Netatalk log destinations to the minimum operators required, and purge or scrub historical log archives that may contain the cleartext credential. Where upgrade is delayed, reduce afpd logging verbosity to suppress the offending log lines (trade-off: loss of diagnostic detail for authentication troubleshooting) and consider switching to SASL/GSSAPI bind mechanisms which avoid sending a static password, or moving authentication off LDAP simple-bind entirely (trade-off: requires Kerberos or alternate UAM infrastructure).

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

EUVD-2026-31227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy