Netatalk Security Advisory
| Subject | Missing break in DSI OpenSession |
|---|---|
| CVE ID# | CVE-2026-44075 |
| Severity | None |
| Disclosure Date | 2026/05/13 |
| Affected Versions | 1.5.0 - 4.4.2 |
| Summary | A DSIOPT_ATTNQUANT switch case falls through into DSIOPT_SERVQUANT |
Description
DSI session option parsing contains an unintended fall-through into an ignored option case. The Netatalk team has not found state corruption or a meaningful security impact from this behavior.
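The fall-through described above, reduced to a minimal option parser as an added example (not Netatalk's code): the option names come from the advisory, while the numeric values, the `session` struct, the `[type][len][value]` layout and the function names are assumptions. It runs the same input through the pre-patch and patched switch shapes and compares the resulting state.

```c
#include <stddef.h>
#include <stdint.h>

/* Option names are from the advisory; the numeric values are assumed. */
#define DSIOPT_SERVQUANT 0x00
#define DSIOPT_ATTNQUANT 0x01

struct session { uint32_t attn_quantum; unsigned seen; }; /* hypothetical state */

/* Constructed sample: ATTNQUANT = 2, then a SERVQUANT option. */
static const uint8_t sample[] = { 0x01, 4, 0, 0, 0, 2, 0x00, 4, 0, 0x10, 0, 0 };

/* Walk [type][len][value] options; with_break = 0 models the missing break. */
static int parse_options(const uint8_t *buf, size_t n, int with_break,
                         struct session *s)
{
    size_t i = 0;
    while (i + 2 <= n) {
        uint8_t type = buf[i], len = buf[i + 1];
        i += 2;
        if (len > n - i)
            return -1;                   /* truncated option */
        switch (type) {
        case DSIOPT_ATTNQUANT:
            if (len != 4)
                return -1;
            s->attn_quantum = ((uint32_t)buf[i] << 24) | ((uint32_t)buf[i + 1] << 16) |
                              ((uint32_t)buf[i + 2] << 8) | buf[i + 3];
            if (with_break)
                break;
            /* fall through */
        case DSIOPT_SERVQUANT:
            break;                       /* ignored: writes no state */
        }
        s->seen++;
        i += len;
    }
    return i == n ? 0 : -1;
}

/* Returns 1 when both variants give the same result and the same state. */
static int variants_agree(const uint8_t *buf, size_t n)
{
    struct session a = {0}, b = {0};
    int ra = parse_options(buf, n, 0, &a), rb = parse_options(buf, n, 1, &b);
    return ra == rb && a.attn_quantum == b.attn_quantum && a.seen == b.seen;
}

int main(void) { return !variants_agree(sample, sizeof sample); }
```

Building with `-Wimplicit-fallthrough` (GCC and Clang) reports unannotated fall-through of this kind at compile time.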
Patch Availability
Apply CVE-2026-44075.patch to a Netatalk 4.4.2 source tree to hotfix your local Netatalk deployment.
Alternatively, upgrade to Netatalk 4.5.0 or later, which includes the patch.
The Netatalk team does not encourage proactively applying the patch to existing deployments because of the low practical exploitability.
CVSS Calculation
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N (0.0)
Workaround
Least concern.
Credits
Vulnerability reported by:
@00redbeer
Patch developed by:
Daniel Markstedt of the Netatalk team