CVE-2026-44051
Received
Received - Intake
Arbitrary File Read via Symlink in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Description
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.0.2 (inc) to 4.4.2|end_including=4.4.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 3.0.2 through 4.4.2 and allows an attacker to read arbitrary files by creating attacker-controlled symbolic links (symlinks). This means that an attacker can manipulate the system to access files they should not be able to read.
The issue was fixed in version 4.4.3 of Netatalk.
How can this vulnerability impact me? :
This vulnerability can have a significant impact because it allows an attacker to read sensitive files without proper authorization.
- Confidential information could be exposed.
- It could lead to a breach of data confidentiality.
- The CVSS score of 8.1 indicates a high severity, meaning the vulnerability is relatively easy to exploit and can cause a high impact on confidentiality and integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70