Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 2.1.0 through 4.4.2, ldap simple-bind password exposure in log output. Fixed in 4.4.3.
AnalysisAI
Information disclosure in Netatalk 2.1.0 through 4.4.2 exposes LDAP simple-bind passwords in log files, allowing any actor with read access to the affected logs to recover plaintext directory service credentials. The flaw is fixed in version 4.4.3, and no public exploit identified at time of analysis, though the CVSS 7.5 score reflects the high confidentiality impact of leaked bind credentials.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, used to provide file and print services to macOS/Apple clients from Unix-like servers. When configured with LDAP-based user lookups (commonly via afpd's UAMs or auxiliary modules), Netatalk performs an LDAP simple-bind, which transmits the bind DN's password as cleartext over the LDAP connection. The CWE-532 (Insertion of Sensitive Information into Log File) root cause means the daemon writes this simple-bind password into its log output rather than redacting it, so the secret persists wherever logs are collected (local syslog, rsyslog forwarders, SIEM indexes, log archives). The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*, with the vendor advisory at netatalk.io/security/CVE-2026-44052 designating the 4.4.x branch as the supported fix line.
RemediationAI
Vendor-released patch: Netatalk 4.4.3 - upgrade to this version per the advisory at https://netatalk.io/security/CVE-2026-44052 to ensure simple-bind passwords are redacted from log output. As an immediate compensating control before upgrade, rotate the LDAP bind account password (since prior log contents may already contain it), restrict file-system and SIEM permissions on any Netatalk log destinations to the minimum operators required, and purge or scrub historical log archives that may contain the cleartext credential. Where upgrade is delayed, reduce afpd logging verbosity to suppress the offending log lines (trade-off: loss of diagnostic detail for authentication troubleshooting) and consider switching to SASL/GSSAPI bind mechanisms which avoid sending a static password, or moving authentication off LDAP simple-bind entirely (trade-off: requires Kerberos or alternate UAM infrastructure).
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31227
GHSA-j6x4-pjr7-hwq4