Skip to main content

Netatalk

15 CVEs product

Monthly

CVE-2026-7837 LOW Monitor

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file operations to remote manipulation, enabling limited data modification under constrained timing conditions. Unauthenticated network attackers (PR:N, AV:N per CVSS) must win a precise race window, making this high-complexity and low-impact - CVSS scores it 3.7 (Low) with integrity-only consequences and no confidentiality or availability impact. No public exploit code exists and the vulnerability is not confirmed actively exploited in CISA KEV at time of analysis.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-44075 LOW Monitor

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_SERVQUANT processing, affecting versions 1.5.0 through 4.4.2. An unauthenticated remote attacker can send a crafted DSI session options packet to trigger unintended session option handling, resulting in minor service disruption. No public exploit identified at time of analysis, and the High attack complexity rating (AC:H) constrains real-world exploitation to adversaries capable of precise DSI packet construction.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-44074 LOW Monitor

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor service disruption by triggering simultaneous error conditions that produce invalid composite error codes via bitwise OR misuse. The flaw (CWE-682, Incorrect Calculation) diverts execution into incorrect error-handling paths within the AFP file-sharing service, affecting availability at a low level (A:L) with no confidentiality or integrity impact. No public exploit or active exploitation has been identified at time of analysis; the CVSS score of 3.7 (Low) and high attack complexity (AC:H) reflect a limited real-world threat.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-44071 LOW Monitor

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.

Denial Of Service Buffer Overflow Netatalk
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-44057 LOW Monitor

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-7836 LOW Monitor

Incorrect hexadecimal-to-integer conversion in Netatalk 2.0.0 through 4.4.2 stems from a macro that fails to handle uppercase hex digits (A-F) correctly, producing wrong integer values during AFP protocol processing. An authenticated remote attacker with low privileges can exploit the flaw under high-complexity conditions to cause minor integrity corruption - for example, corrupted filename or attribute encoding. No public exploit code exists and the vulnerability is not listed in CISA KEV, making real-world exploitation unlikely in most environments. Fixed in Netatalk 4.5.0.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-7835 LOW Monitor

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-severity availability disruption, with a secondary reporter-assessed potential for memory content disclosure. The root cause is CWE-134 (Use of Externally-Controlled Format String), a class known to enable stack and heap memory leakage via injected format specifiers - a risk flagged by securin's 'Information Disclosure' tag that is not fully reflected in the CVSS vector (C:N). No public exploit identified at time of analysis; vendor-released patch is available in version 4.5.0.

Information Disclosure Netatalk
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-44072 LOW Monitor

OS command injection in Netatalk 2.2.1 through 4.4.2 arises from a code path that invokes system() after a failed chdir() call, classified under CWE-78. Exploitation requires local access with high privileges and high attack complexity, and yields only low-integrity and low-availability impact with no confidentiality exposure, reflected in the CVSS score of 2.5. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor-released fix is available in version 4.5.0.

Command Injection Netatalk
NVD
CVSS 3.1
3.0
EPSS
0.0%
CVE-2026-44070 LOW Monitor

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to trigger excessive memory allocation, resulting in limited availability impact. The flaw is classified under CWE-770 (resource allocation without limits) and carries a low CVSS score of 3.1, reflecting constrained exploitability due to high attack complexity and required authentication. No public exploit code or active exploitation has been identified at time of analysis; a fix was released in version 4.5.0.

Denial Of Service Netatalk
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-44069 LOW Monitor

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (Apple Filing Protocol) file server widely deployed on Linux/Unix systems serving macOS clients. Exploitation is constrained to local, highly-privileged attackers under high-complexity conditions, yielding only limited confidentiality, integrity, and availability impact (CVSS 3.4). No active exploitation is confirmed (not listed in CISA KEV), and no public exploit identified at time of analysis.

Information Disclosure Integer Overflow Netatalk
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2023-42464 CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-45188 HIGH POC This Week

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Netatalk Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-22995 CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware My Cloud Ex4100 Firmware My Cloud Ex2 Ultra Firmware +9
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-31439 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Heap Overflow RCE Diskstation Manager +2
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2018-1160 CRITICAL POC THREAT Act Now

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Netatalk Router Manager +4
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
86.5%
EPSS 0% CVSS 3.7
LOW Monitor

TOCTOU race condition in Netatalk's ad_flush function across versions 3.0.0 through 4.4.2 exposes root-privileged file operations to remote manipulation, enabling limited data modification under constrained timing conditions. Unauthenticated network attackers (PR:N, AV:N per CVSS) must win a precise race window, making this high-complexity and low-impact - CVSS scores it 3.7 (Low) with integrity-only consequences and no confidentiality or availability impact. No public exploit code exists and the vulnerability is not confirmed actively exploited in CISA KEV at time of analysis.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_SERVQUANT processing, affecting versions 1.5.0 through 4.4.2. An unauthenticated remote attacker can send a crafted DSI session options packet to trigger unintended session option handling, resulting in minor service disruption. No public exploit identified at time of analysis, and the High attack complexity rating (AC:H) constrains real-world exploitation to adversaries capable of precise DSI packet construction.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Incorrect errno calculation in Netatalk 2.1.0 through 4.4.2 allows remote unauthenticated attackers to cause minor service disruption by triggering simultaneous error conditions that produce invalid composite error codes via bitwise OR misuse. The flaw (CWE-682, Incorrect Calculation) diverts execution into incorrect error-handling paths within the AFP file-sharing service, affecting availability at a low level (A:L) with no confidentiality or integrity impact. No public exploit or active exploitation has been identified at time of analysis; the CVSS score of 3.7 (Low) and high attack complexity (AC:H) reflect a limited real-world threat.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.

Denial Of Service Buffer Overflow Netatalk
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Information disclosure in Netatalk 3.0.0 through 4.4.2 stems from a dead bounds check (CWE-561) in the Spotlight RPC unmarshaller - code intended to enforce input boundaries is logically unreachable, leaving RPC input processing without effective size validation. Remote attackers who hold at least low-level credentials can submit crafted Spotlight RPC requests to extract limited confidential information from the service. No public exploit has been identified at time of analysis, and the CVSS 3.1 score correctly reflects the constrained real-world impact: high attack complexity, authentication required, and confidentiality-only impact with no integrity or availability consequence.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Incorrect hexadecimal-to-integer conversion in Netatalk 2.0.0 through 4.4.2 stems from a macro that fails to handle uppercase hex digits (A-F) correctly, producing wrong integer values during AFP protocol processing. An authenticated remote attacker with low privileges can exploit the flaw under high-complexity conditions to cause minor integrity corruption - for example, corrupted filename or attribute encoding. No public exploit code exists and the vulnerability is not listed in CISA KEV, making real-world exploitation unlikely in most environments. Fixed in Netatalk 4.5.0.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-severity availability disruption, with a secondary reporter-assessed potential for memory content disclosure. The root cause is CWE-134 (Use of Externally-Controlled Format String), a class known to enable stack and heap memory leakage via injected format specifiers - a risk flagged by securin's 'Information Disclosure' tag that is not fully reflected in the CVSS vector (C:N). No public exploit identified at time of analysis; vendor-released patch is available in version 4.5.0.

Information Disclosure Netatalk
NVD
EPSS 0% CVSS 3.0
LOW Monitor

OS command injection in Netatalk 2.2.1 through 4.4.2 arises from a code path that invokes system() after a failed chdir() call, classified under CWE-78. Exploitation requires local access with high privileges and high attack complexity, and yields only low-integrity and low-availability impact with no confidentiality exposure, reflected in the CVSS score of 2.5. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor-released fix is available in version 4.5.0.

Command Injection Netatalk
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Unbounded realloc during charset conversion in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to trigger excessive memory allocation, resulting in limited availability impact. The flaw is classified under CWE-770 (resource allocation without limits) and carries a low CVSS score of 3.1, reflecting constrained exploitability due to high attack complexity and required authentication. No public exploit code or active exploitation has been identified at time of analysis; a fix was released in version 4.5.0.

Denial Of Service Netatalk
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Integer underflow in Netatalk's volxlate function affects all releases from 3.0.0 through 4.4.2, an open-source AFP (Apple Filing Protocol) file server widely deployed on Linux/Unix systems serving macOS clients. Exploitation is constrained to local, highly-privileged attackers under high-complexity conditions, yielding only limited confidentiality, integrity, and availability impact (CVSS 3.4). No active exploitation is confirmed (not listed in CISA KEV), and no public exploit identified at time of analysis.

Information Disclosure Integer Overflow Netatalk
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Heap Overflow +4
NVD
EPSS 87% CVSS 9.8
CRITICAL POC THREAT Act Now

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +6
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy