Logic Error in Netatalk Affects Remote Command Execution
CVE-2026-44055

7.5HIGH

Key Information:

Vendor: Netatalk
Status: Netatalk
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-44055?

A logic error involving bitwise OR operations in specific versions of Netatalk has created a significant vulnerability, allowing remote authenticated attackers to inject OS commands and potentially execute arbitrary code. This flaw underscores the importance of securing software applications against unauthorized command execution, particularly in environments where sensitive data is handled.

Affected Version(s)

Netatalk 3.1.4 <= 4.4.2

Netatalk 4.4.3

References

https://netatalk.io/security/CVE-2026-44055

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 5, 2026

Credit

Arjun Basnet from Securin

CVE-2026-44055 Data

JSON