CVE-2026-44075
Deferred - Pending Action

Missing Break in DSI Session Handling in Netatalk

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: securin

Description

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.

Meta Information

Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-06-30
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-29

Affected Vendors & Products

Showing 1 associated CPE
Vendor: netatalk
Product: netatalk
Version / Range: From 1.5.0 (inclusive) to 4.4.2 (inclusive)

Exploitability

CWE ID: CWE-484
Description: The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.

Executive Summary

This vulnerability is caused by a missing break statement in the DSI OpenSession processing code of Netatalk versions 1.5.0 through 4.4.2. Specifically, in the DSIOPT_ATTNQUANT switch case, the absence of a break causes the execution to fall through into the DSIOPT_SERVQUANT case unintentionally. This leads to improper handling of session options.

As a result, a remote attacker can exploit this flaw by sending specially crafted DSI session options, which may cause a minor disruption of the service.
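
The fall-through described above, as an added example: a simplified model written for this page, not Netatalk's source. The numeric option codes, the struct, the function names and what the DSIOPT_SERVQUANT branch does (storing the value) are assumptions chosen to make the effect observable.

```c
#include <stdint.h>
#include <stdio.h>

/* Option names are from the advisory; the numeric codes are assumed. */
#define DSIOPT_SERVQUANT 0x00
#define DSIOPT_ATTNQUANT 0x01

struct session { uint32_t attn_quantum, server_quantum; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk type/length/value options; with_break selects the patched switch.
 * Returns 0 on success, -1 on a truncated or mis-sized option. */
static int parse_options(struct session *s, const uint8_t *buf, size_t len, int with_break) {
    size_t i = 0;
    while (len - i >= 2) {
        uint8_t type = buf[i], olen = buf[i + 1];
        i += 2;
        if (olen > len - i) return -1;      /* value would run past the buffer */
        switch (type) {
        case DSIOPT_ATTNQUANT:
            if (olen != 4) return -1;
            s->attn_quantum = be32(buf + i);
            if (with_break) break;          /* the statement CWE-484 is about */
            /* falls through - models the vulnerable build */
        case DSIOPT_SERVQUANT:              /* assumed handler: store the value */
            if (olen != 4) return -1;
            s->server_quantum = be32(buf + i);
            break;
        }
        i += olen;                          /* unknown option types are skipped */
    }
    return i == len ? 0 : -1;
}

/* Constructed input: a single ATTNQUANT option carrying the value 1. */
static const uint8_t SAMPLE[] = { DSIOPT_ATTNQUANT, 4, 0, 0, 0, 1 };
/* Server quantum left in a session that started at 0x100000. */
static uint32_t server_quantum_after(int with_break) {
    struct session s = { 0, 0x100000 };
    if (parse_options(&s, SAMPLE, sizeof SAMPLE, with_break) != 0) return 0;
    return s.server_quantum;
}

int main(void) {
    printf("no break: %#x, with break: %#x\n", (unsigned)server_quantum_after(0), (unsigned)server_quantum_after(1));
    return 0;
}
```

Building with -Wimplicit-fallthrough (GCC and Clang) flags an unannotated fall-through of this kind at compile time.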

Impact Analysis

The impact of this vulnerability is limited to a minor service disruption. A remote attacker could exploit the flaw to cause the Netatalk service to behave unexpectedly or become temporarily unavailable.

There is no indication that this vulnerability allows for data compromise, privilege escalation, or other severe impacts.
