Incomplete Sanitization Vulnerability in Netatalk Affects Multiple Versions
CVE-2026-44068

7.6 HIGH

Key Information:

Vendor: Netatalk

Status
Vendor
CVE Published: 21 May 2026

What is CVE-2026-44068?

The vulnerability stems from inadequate sanitization of extended attribute (EA) path components in Netatalk versions 2.1.0 to 4.4.2. An authenticated remote attacker can exploit this flaw by crafting malicious EA names, causing writes to files outside the intended metadata namespace. This can lead to unauthorized data manipulation or exposure, posing a significant risk to system integrity.
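The property this flaw breaks is that a client-supplied EA name must resolve to exactly one file inside the metadata directory. The following is an added example of enforcing that, not Netatalk's code or its fix; `ea_name_is_safe`, `ea_open_for_write`, `EA_NAME_MAX` and the one-file-per-EA layout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* openat(), O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

#define EA_NAME_MAX 255  /* assumed limit for this sketch */

/* Return 1 only if name (len bytes, as received from the client) is usable
 * as exactly one path component. */
int ea_name_is_safe(const char *name, size_t len)
{
    if (name == NULL || len == 0 || len > EA_NAME_MAX)
        return 0;
    if (memchr(name, '\0', len) != NULL)   /* embedded NUL would truncate the C string */
        return 0;
    if ((len == 1 && name[0] == '.') ||
        (len == 2 && name[0] == '.' && name[1] == '.'))
        return 0;                          /* "." and ".." are directory references */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c < 0x20 || c == 0x7f)
            return 0;                      /* separator or control character */
    }
    return 1;
}

/* Open (creating if needed) the file backing one EA inside meta_dirfd.
 * Returns an fd, or -1 if the name is rejected or the open fails. */
int ea_open_for_write(int meta_dirfd, const char *name, size_t len)
{
    char component[EA_NAME_MAX + 1];

    if (!ea_name_is_safe(name, len))
        return -1;
    memcpy(component, name, len);
    component[len] = '\0';
    /* A single component opened relative to the directory fd, with
     * O_NOFOLLOW, cannot resolve outside meta_dirfd via a planted symlink. */
    return openat(meta_dirfd, component, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
}

int main(void)
{
    const char *samples[] = { "com.example.tag", "..", "a/b" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               ea_name_is_safe(samples[i], strlen(samples[i])) ? "accept" : "reject");
    return 0;
}
```

Validation runs on the length-delimited name before any path is built, so a rejected name never reaches the filesystem layer.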

Affected Version(s)

Netatalk 2.1.0 <= 4.4.2

Netatalk 4.4.3

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet from Securin.