Error Handling Flaw in Netatalk Affecting Multiple Versions
CVE-2026-44074

3.7LOW

Key Information:

Vendor

Netatalk

Status
Netatalk
Vendor
CVE Published:
21 May 2026

What is CVE-2026-44074?

Netatalk versions ranging from 2.1.0 up to 4.4.2 are susceptible to a notable error handling flaw that arises from the improper combination of multiple errno values using bitwise OR. This oversight can generate incorrect error codes, particularly when different error states occur simultaneously. Consequently, a remote attacker may exploit this vulnerability to induce minor disruptions in service, manipulating error-handling paths in unforeseen ways, potentially compromising system integrity.

Affected Version(s)

Netatalk 2.1.0 <= 4.4.2

Netatalk 4.5.0

References

https://netatalk.io/security/CVE-2026-44074
vendor-advisory

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arjun Basnet from Securin
.