netatalk.io

Netatalk Security Advisory

Subject: Bitwise OR of errno values
CVE ID#: CVE-2026-44074
Severity: None
Disclosure Date: 2026/05/13
Affected Versions: 2.1.0 - 4.4.2
Summary: ACL error handling compares errno against a bitwise OR of two error constants

Description

ACL error handling compares permission errors incorrectly, which can produce wrong AFP error mapping. The Netatalk team considers this a correctness issue without meaningful independent security impact.
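
The bug class described above, shown as an added example that is not Netatalk's own code: errno constants are enumerated integers rather than bit flags, so OR-ing two of them yields one number and the comparison no longer tests for either error individually. The function names, the choice of EPERM and EACCES as the two constants, and the result codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Illustrative result codes; names are hypothetical, and which AFP error
 * the real code returns is not stated in the advisory. */
#define EX_AFPERR_ACCESS (-5000)
#define EX_AFPERR_MISC   (-5014)

/* Flawed pattern: the two constants are OR-ed into one integer first, so
 * err is compared against that single combined value. */
static int map_acl_errno_flawed(int err)
{
    if (err == (EPERM | EACCES))
        return EX_AFPERR_ACCESS;
    return EX_AFPERR_MISC;
}

/* Intended logic: two separate equality tests joined by logical OR. */
static int map_acl_errno_fixed(int err)
{
    if (err == EPERM || err == EACCES)
        return EX_AFPERR_ACCESS;
    return EX_AFPERR_MISC;
}

int main(void)
{
    /* Constructed sample inputs. */
    const struct { const char *name; int value; } cases[] = {
        { "EPERM", EPERM }, { "EACCES", EACCES }, { "ENOENT", ENOENT },
    };

    printf("EPERM | EACCES = %d\n", EPERM | EACCES);
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-6s (%2d): flawed=%d fixed=%d\n", cases[i].name,
               cases[i].value, map_acl_errno_flawed(cases[i].value),
               map_acl_errno_fixed(cases[i].value));
    return 0;
}
```

On Linux, where EPERM is 1 and EACCES is 13, the OR evaluates to 13, so the flawed form still matches EACCES but silently maps EPERM to the fallback code.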

Patch Availability

Apply CVE-2026-44074.patch to a Netatalk 4.4.2 source tree to hotfix your local Netatalk deployment.

Alternatively, upgrade to Netatalk 4.5.0 or later, which includes the patch.

The Netatalk team does not encourage proactively applying the patch to existing deployments because of the low practical exploitability.

CVSS Calculation

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N (0.0)

Workaround

Least concern.

Credits

Vulnerability reported by:

@00redbeer

Patch developed by:

Daniel Markstedt of the Netatalk team
