CVE-2026-44073
Authentication Bypass in Netatalk via seteuid Failure
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | 4.5.0 |
| netatalk | netatalk | From 1.5.0 (inc) to 4.4.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-273 | The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 1.5.0 through 4.4.2 where the failure of the seteuid system call is ignored in authentication modules. This means that if the system call to set the effective user ID fails, the authentication modules do not properly handle this failure, potentially leading to improper privilege handling or security checks being bypassed. The issue was fixed in version 4.5.0.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker might exploit the ignored seteuid failure to gain unauthorized access or escalate privileges within the system running vulnerable versions of Netatalk. According to the CVSS score of 5.0, the vulnerability has a moderate severity with potential impacts on confidentiality, integrity, and availability, meaning it could lead to partial information disclosure, modification, or disruption of service.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Netatalk versions 1.5.0 through 4.4.2 is fixed in version 4.5.0.
To mitigate this vulnerability, you should upgrade Netatalk to version 4.5.0 or later.