CVE-2026-44058
Deferred Deferred - Pending Action
Authentication Bypass in Netatalk via Admin User

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: securin

Description
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-44058
EUVD
EUVD-2026-31234
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netatalk netatalk 4.5.0
netatalk netatalk From 2.2.2 (inc) to 4.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Netatalk versions 2.2.2 through 4.4.2 and involves an authentication bypass via the admin authentication user. This means that an attacker could potentially bypass the normal authentication process to gain administrative access.

Impact Analysis

Exploitation of this vulnerability can lead to an attacker gaining unauthorized administrative access to the affected system. This can result in full control over the system, including the ability to read, modify, or delete sensitive data, disrupt services, or further compromise the network.

Mitigation Strategies

The vulnerability in Netatalk versions 2.2.2 through 4.4.2 allows authentication bypass via the admin auth user.

To mitigate this vulnerability, upgrade Netatalk to version 4.5.0 or later where the issue is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart