Description
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism.
Published: 2026-05-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netatalk versions 2.0.0 through 4.4.2 generate AFP session tokens derived from predictable process IDs. This weakness allows a remote authenticated attacker to cause a denial of service by triggering the reconnect mechanism in afpd. The flaw involves improper random number generation (CWE-330) and results in service disruption rather than session hijacking.

Affected Systems

Vendors and products affected include Netatalk, specifically all releases from 2.0.0 up to and including 4.4.2. No fixed version is referenced in the CVE data; users should verify with the vendor whether a patch is available.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, so the likelihood of exploitation is unknown. The vulnerability is not listed in CISA KEV. The description indicates that a remote authenticated attacker can exploit the predictable session tokens to repeatedly trigger the afpd reconnect mechanism, leading to denial of service. Exploitation requires authentication to afpd and the ability to send requests that cause reconnection; no additional privileges are needed beyond those used for standard file-sharing access. The lack of detailed exploitation conditions implies that the threat is limited to attackers who have established authentication to afpd or are able to obtain such credentials.

Generated by OpenCVE AI on May 21, 2026 at 11:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether the Netatalk version in use is between 2.0.0 and 4.4.2 and check the vendor for a patch addressing the predictable token issue.
  • Apply any vendor-released patch or upgrade to the latest Netatalk release once available.
  • Restart the afpd service to ensure the patch is active and consider enabling detailed logging to detect reconnect attempts.

Advisories
Source: Debian DSA
ID: DSA-62801
Title: netatalk security update
History

Thu, 21 May 2026 13:15:00 +0000

Metrics (ssvc), value added:
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 May 2026 09:00:00 +0000

Description, value removed:
In Netatalk 2.0.0 through 4.4.2, predictable afpd session token. Fixed in 4.4.3.
Description, value added:
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism.

Thu, 21 May 2026 08:45:00 +0000

First Time appeared, values added: Netatalk; Netatalk netatalk
Vendors & Products, values added: Netatalk; Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Description, value added: In Netatalk 2.0.0 through 4.4.2, predictable afpd session token. Fixed in 4.4.3.
Title, value added: Predictable afpd session token
Weaknesses, value added: CWE-330
References
Metrics (cvssV3_1), value added:
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T12:38:49.021Z

Reserved: 2026-05-05T07:24:42.291Z

Link: CVE-2026-44054

Vulnrichment

Updated: 2026-05-21T12:38:44.555Z

NVD

Status : Deferred

Published: 2026-05-21T08:16:21.017

Modified: 2026-05-21T15:20:19.040

Link: CVE-2026-44054

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T11:30:06Z

Weaknesses