CVE-2026-44057
Out-of-Bounds Access in Netatalk via Spotlight RPC
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.0.0 (inc) to 4.4.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-561 | The product contains dead code, which can never be executed. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a dead bounds check in the Spotlight RPC unmarshaller component of Netatalk versions 3.0.0 through 4.4.2. A dead bounds check is code that is intended to prevent out-of-bounds access but is ineffective because it leads to an unreachable code path, so the bounds protection does not work as expected.
This flaw may allow a remote authenticated attacker to send specially crafted Spotlight RPC requests that exploit this weakness to obtain limited information from the system.
How can this vulnerability impact me?
The impact of this vulnerability is limited information disclosure. A remote authenticated attacker can exploit the dead bounds check to gain access to some information that should otherwise be protected.
The CVSS score of 3.1 indicates a low severity impact, with no impact on integrity or availability, and only limited impact on confidentiality.