CVE-2026-44071
Deferred - Pending Action
Netatalk Buffer Overflow Protection Bypass via Missing FORTIFY_SOURCE

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: securin

Description
Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection.
Meta Information
Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-06-10
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-09
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
netatalk | netatalk | From 3.1.2 (inc) to 4.4.2 (inc)
CWE ID | Description
CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Executive Summary

This vulnerability exists in Netatalk versions 3.1.2 through 4.4.2 because the software is compiled without the FORTIFY_SOURCE feature enabled. FORTIFY_SOURCE is a security mechanism that provides built-in detection of buffer overflow errors at runtime. Without it, certain memory errors that would normally be caught and safely handled can go undetected.

As a result, a remote attacker could exploit this lack of protection to cause a minor denial of service by triggering memory errors that crash or disrupt the application.
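One way to check whether a built binary carries the runtime checks described above, as an added example that is not code from Netatalk or from this advisory: with glibc, a fortified build imports `__NAME_chk` wrappers (for example `__memcpy_chk`) in place of some plain libc calls. The function list is a subset chosen for illustration and both `nm` listings are constructed samples.

```shell
#!/bin/sh
# Added example: classify a binary's imported libc symbols as fortified
# (__NAME_chk) or plain (NAME). Reads `nm -D --undefined-only` lines on stdin.

# Illustrative subset of functions glibc wraps when _FORTIFY_SOURCE is enabled.
FORTIFIABLE="memcpy memmove memset strcpy strncpy strcat strncat"
FORTIFIABLE="$FORTIFIABLE sprintf snprintf vsprintf vsnprintf fgets read recv"

fortify_summary() {
    awk -v list="$FORTIFIABLE" '
    BEGIN {
        n = split(list, f, " ")
        for (i = 1; i <= n; i++) fortifiable[f[i]] = 1
    }
    {
        sym = $NF                  # symbol name is the last field of an nm line
        sub(/@.*/, "", sym)        # drop a version suffix such as @GLIBC_2.14
        if (sym ~ /^__.*_chk$/) {
            base = substr(sym, 3, length(sym) - 6)   # strip "__" and "_chk"
            if (base in fortifiable) fortified++
        } else if (sym in fortifiable) {
            plain++
        }
    }
    END {
        verdict = "inconclusive"
        if (fortified > 0) { verdict = "fortified" }
        else if (plain > 0) { verdict = "no-fortify-evidence" }
        printf "fortified=%d plain=%d verdict=%s\n", fortified, plain, verdict
    }'
}

# Constructed sample: imports of a build without FORTIFY_SOURCE.
SAMPLE_PLAIN='                 U memcpy@GLIBC_2.14
                 U strcpy@GLIBC_2.2.5
                 U snprintf@GLIBC_2.2.5
                 U __stack_chk_fail@GLIBC_2.4
                 U malloc@GLIBC_2.2.5'

# Constructed sample: imports of a fortified build (a plain memcpy may remain).
SAMPLE_FORTIFIED='                 U __memcpy_chk@GLIBC_2.3.4
                 U __strcpy_chk@GLIBC_2.3.4
                 U __snprintf_chk@GLIBC_2.3.4
                 U memcpy@GLIBC_2.14
                 U malloc@GLIBC_2.2.5'

printf '%s\n' "$SAMPLE_PLAIN" | fortify_summary
printf '%s\n' "$SAMPLE_FORTIFIED" | fortify_summary
```

On a real system, pipe `nm -D --undefined-only` for the installed binary into `fortify_summary`. Plain imports alone do not prove a problem, because a fortified build keeps plain calls where the compiler cannot determine the destination size; the signal is the complete absence of `_chk` imports.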

Impact Analysis

The primary impact of this vulnerability is a minor denial of service (DoS). An attacker can remotely cause the Netatalk service to crash or become unavailable by exploiting memory errors that are not detected due to the missing FORTIFY_SOURCE protection.

This could lead to temporary disruption of services relying on Netatalk, affecting availability but not confidentiality or integrity.
