Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 3.1.4 through 4.4.2, bitwise or logic bug enables shell injection. Fixed in 4.4.3.
AnalysisAI
Shell injection in Netatalk 3.1.4 through 4.4.2 allows authenticated remote attackers to execute arbitrary OS commands through a bitwise-OR logic flaw, achieving full confidentiality, integrity, and availability impact (CVSS 7.5). Netatalk is the open-source AFP (Apple Filing Protocol) server commonly deployed on Linux/BSD NAS appliances to share files with macOS clients. The flaw was fixed in version 4.4.3; no public exploit identified at time of analysis and the issue is not currently in CISA KEV.
Technical ContextAI
Netatalk implements Apple Filing Protocol services (afpd, cnid_metad) used to expose Unix file systems to macOS clients and is bundled into many commercial NAS firmwares (Synology, QNAP, etc.). The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), introduced by a bitwise-OR logic error in code that constructs or evaluates a command string. Per the vendor advisory at netatalk.io/security/CVE-2026-44055 the defect chain leads to attacker-controlled input being passed unsanitized into a shell context, enabling arbitrary command execution within whichever process spawned the shell. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* across the 3.1.4-4.4.2 range.
RemediationAI
Upgrade to Netatalk 4.4.3 or later, which contains the upstream fix per the vendor advisory at https://netatalk.io/security/CVE-2026-44055 (Vendor-released patch: 4.4.3). For appliances where the user cannot replace the bundled binary directly, monitor the NAS vendor's security feed for a firmware update incorporating 4.4.3 and apply it as soon as released. Until patched, compensating controls include restricting afpd network exposure to trusted management VLANs via host firewall rules on TCP/548, disabling the AFP service entirely on hosts where SMB can substitute (note: this breaks Time Machine over AFP and legacy macOS client compatibility), and tightening authentication so that the PR:L precondition cannot be satisfied by anonymous/guest accounts (review uams configuration and disable uams_guest.so if enabled).
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31230
GHSA-2jff-6g6p-wr79