Skip to main content

Netatalk EUVDEUVD-2026-31243

| CVE-2026-44057 LOW
Dead Code (CWE-561)
2026-05-21 securin GHSA-w95q-jvf4-8fvp
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:32 vuln.today

DescriptionCVE.org

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests.

AnalysisAI

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) for Unix-like systems, providing macOS-compatible file sharing including Spotlight-based remote search via its RPC subsystem. The Spotlight RPC unmarshaller is responsible for parsing and validating incoming search requests from macOS clients. CWE-561 (Dead Code) identifies the root cause: bounds-checking logic exists in the source code but sits behind a conditional that can never evaluate to true given prior code paths, rendering the check permanently unreachable at runtime. The practical result is that the unmarshaller processes attacker-supplied RPC data without the intended boundary enforcement. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* covering the version range 3.0.0 through 4.4.2 as confirmed by ENISA EUVD-2026-31243.

RemediationAI

Consult the vendor advisory at https://netatalk.io/security/CVE-2026-44057 for the official patch; an exact fixed version number was not independently confirmed in the available intelligence data, so administrators should check the advisory directly for the minimum safe version. As a compensating control while patching is planned, disable Spotlight RPC functionality in Netatalk if macOS Spotlight search integration over network shares is not operationally required - this eliminates the vulnerable code path entirely, with the trade-off of losing macOS Finder search capability against AFP shares. Additionally, restrict AFP service access (TCP port 548 and associated Spotlight RPC ports) at the network perimeter to only authorized, trusted hosts and authenticated user accounts, reducing exposure to the PR:L authentication threshold. Monitoring for anomalous or high-volume Spotlight RPC request patterns may help detect exploitation attempts given the AC:H requirement for crafted payloads.

CVE-2018-1160 CRITICAL POC
9.8 Dec 20

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), th

CVE-2022-45188 HIGH POC
7.8 Nov 12

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl fi

CVE-2023-42464 CRITICAL
9.8 Sep 20

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated c

CVE-2022-22995 CRITICAL
9.8 Mar 25

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of file

CVE-2021-31439 HIGH
8.8 May 21

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology Dis

CVE-2026-44069 LOW
3.9 May 21

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (App

CVE-2026-44071 LOW
3.7 May 21

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping aw

CVE-2026-44074 LOW
3.7 May 21

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor servi

CVE-2026-44075 LOW
3.7 May 21

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_S

CVE-2026-7837 LOW
3.7 May 21

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file o

CVE-2026-44070 LOW
3.1 May 21

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to t

CVE-2026-7835 LOW
3.1 May 21

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-seve

Share

EUVD-2026-31243 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy