CVE-2026-44073
Deferred Deferred - Pending Action
Authentication Bypass in Netatalk via seteuid Failure

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: securin

Description
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-09
NVD
CVE-2026-44073
EUVD
EUVD-2026-31220
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
netatalk netatalk 4.5.0
netatalk netatalk From 1.5.0 (inc) to 4.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-273 The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Netatalk versions 1.5.0 through 4.4.2 where the failure of the seteuid system call is ignored in authentication modules. This means that if the system call to set the effective user ID fails, the authentication modules do not properly handle this failure, potentially leading to improper privilege handling or security checks being bypassed. The issue was fixed in version 4.5.0.

Impact Analysis

The impact of this vulnerability is that an attacker might exploit the ignored seteuid failure to gain unauthorized access or escalate privileges within the system running vulnerable versions of Netatalk. According to the CVSS score of 5.0, the vulnerability has a moderate severity with potential impacts on confidentiality, integrity, and availability, meaning it could lead to partial information disclosure, modification, or disruption of service.

Mitigation Strategies

The vulnerability in Netatalk versions 1.5.0 through 4.4.2 is fixed in version 4.5.0.

To mitigate this vulnerability, you should upgrade Netatalk to version 4.5.0 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44073. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart