CVE-2026-44057
Deferred Deferred - Pending Action
Out-of-Bounds Access in Netatalk via Spotlight RPC

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: securin

Description
A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-44057
EUVD
EUVD-2026-31243
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netatalk netatalk From 3.0.0 (inc) to 4.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-561 The product contains dead code, which can never be executed.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a dead bounds check in the Spotlight RPC unmarshaller component of Netatalk versions 3.0.0 through 4.4.2. A dead bounds check means that the code intended to prevent out-of-bounds access is ineffective because it leads to an unreachable code path. As a result, the bounds protection does not work as expected.

This flaw may allow a remote authenticated attacker to send specially crafted Spotlight RPC requests that exploit this weakness to obtain limited information from the system.

Impact Analysis

The impact of this vulnerability is limited information disclosure. A remote attacker who is authenticated can exploit the dead bounds check to gain access to some information that should otherwise be protected.

The CVSS score of 3.1 indicates a low severity impact, with no impact on integrity or availability, and only limited impact on confidentiality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44057. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart