Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
3.9 LOW
CVE-2026-44069 — Integer underflow in volxlate

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi…

Memory Corruption
May 21, 2026
7.6 HIGH
CVE-2026-44068 — EA path traversal via incomplete sanitization

Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…

Remote | Path Traversal
May 21, 2026
4.2 MEDIUM
CVE-2026-44067 — EA header parsing heap over-read

A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via…

Remote | Memory Corruption
May 21, 2026
7.1 HIGH
CVE-2026-44066 — Heap out-of-bounds reads in Spotlight RPC unmarshalling

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…

Remote | Memory Corruption
May 21, 2026
4.2 MEDIUM
CVE-2026-44065 — Off-by-two in papd lp_write()

An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

Memory Corruption
May 21, 2026
7.1 HIGH
CVE-2026-44064 — ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

Memory Corruption
May 21, 2026
4.2 MEDIUM
CVE-2026-44063 — LDAP filter injection

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil…

Remote | Injection
May 21, 2026
7.5 HIGH
CVE-2026-44062 — Missing o_len bounds check in pull_charset_flags()

A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted …

Remote | Memory Corruption
May 21, 2026
5.9 MEDIUM
CVE-2026-44061 — DES-ECB auth with timing side channel

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.

Remote | Authentication
May 21, 2026
7.5 HIGH
CVE-2026-44060 — Integer underflow in dsi_writeinit() leads to denial of service

An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

Remote | Denial of Service
May 21, 2026
4.5 MEDIUM
CVE-2026-44059 — Non-reentrant privilege toggle

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.

Authentication
May 21, 2026
7.2 HIGH
CVE-2026-44058 — Authentication bypass via admin auth user

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.

Remote | Authentication
May 21, 2026
6.4 MEDIUM
CVE-2026-44056 — Stack buffer overflow in desktop.c

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.

Remote | Memory Corruption
May 21, 2026
7.5 HIGH
CVE-2026-44055 — Bitwise OR logic bug enables shell injection

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.

Remote | Injection
May 21, 2026
6.5 MEDIUM
CVE-2026-44054 — Predictable afpd session token

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m…

Remote | Authentication
May 21, 2026
7.4 HIGH
CVE-2026-44053 — Weak cryptography in DHCAST128 UAM

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at…

Remote | Cryptography
May 21, 2026
7.5 HIGH
CVE-2026-44052 — LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

Remote | Information Disclosure
May 21, 2026
8.1 HIGH
CVE-2026-44051 — Arbitrary file read via attacker-controlled symlink creation

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c…

Remote | Path Traversal
May 21, 2026
9.9 CRITICAL
CVE-2026-44050 — Heap buffer overflow in CNID daemon comm_rcv()

A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause…

Remote | Memory Corruption
May 21, 2026
7.5 HIGH
CVE-2026-44049 — Out-of-bounds write in convert_charset() null termination

An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of serv…

Remote | Memory Corruption
May 21, 2026
Showing 20 of 6440 Results