CVE-2026-7837
Time-of-Check Time-of-Use Race Condition in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.0.0 (inc) to 4.4.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a time-of-check time-of-use (TOCTOU) race condition in the ad_flush function of Netatalk versions 3.0.0 through 4.4.2. It involves root-privileged file operations, so under certain race conditions a remote attacker could exploit the gap between the check and the use to cause limited modification of data.
How can this vulnerability impact me?
The vulnerability may allow a remote attacker to cause limited data modification. This means that an attacker could potentially alter some data on the affected system without authorization, although the impact is limited and does not affect confidentiality or availability.