Insufficient Sanitization of Volume Paths in Netatalk by Netatalk
CVE-2026-44076

6.7MEDIUM

Key Information:

Vendor: Netatalk
Status: Netatalk
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-44076?

The vulnerability in Netatalk arises from inadequate sanitization of volume paths, which enables a local privileged user to craft malicious volume paths. This flaw allows the injection of OS commands, potentially leading to the execution of arbitrary code within the system. This could compromise the integrity and security of the affected systems, making it crucial for users to upgrade to the latest versions and apply necessary patches.

Affected Version(s)

Netatalk 3.1.0 <= 4.4.2

Netatalk 4.4.3

References

https://netatalk.io/security/CVE-2026-44076

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 5, 2026

Credit

Arjun Basnet from Securin

CVE-2026-44076 Data

JSON