CVE-2026-44050

Published: May 21, 2026Modified: May 21, 2026Deferred

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c (Secondary)

Description

A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (1)

https://netatalk.io/security/CVE-2026-44050

Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Timeline

No history available yet.