netatalk.io

search netatalk.io

powered by DuckDuckGo

Netatalk Security Advisory

Subject FORTIFY_SOURCE disabled
CVE ID# CVE-2026-44071
Severity None
Disclosure Date 2026/05/13
Affected Versions 3.1.2 - 4.4.2
Summary The MySQL CNID source file disables compiler fortification checks

Description

The MySQL CNID backend disables a compiler hardening feature for one source module. This weakens exploit mitigations in that backend but is not independently exploitable.

Patch Availability

Apply CVE-2026-44071.patch to a Netatalk 4.4.2 source tree to hotfix your local Netatalk deployment.

Alternatively, upgrade to Netatalk 4.5.0 or later, which includes the patch.

The Netatalk team does not encourage proactively applying the patch to existing deployments because of the low practical exploitability.

CVSS Calculation

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N (0.0)

Workaround

Least concern.

Credits

Vulnerability reported by:

@00redbeer

Patch developed by:

Daniel Markstedt of the Netatalk team

References

Go back to the Security Policy.

Valid HTML5 Valid CSS

The source code of this website is licensed under the GNU General Public License 2.0.