Description
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
Published: 2026-05-21
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netatalk 2.2.2 through 4.4.2 contain an authentication bypass flaw that lets a remote privileged user authenticate as any account via the admin auth user mechanism. The weakness is improper authentication (CWE-287): a caller who already holds privileged credentials can use the admin auth user path to obtain a session as an arbitrary user, gaining access that account was never meant to have. The CVSS vector rates the resulting impact on confidentiality, integrity and availability as high.

Affected Systems

The vulnerability affects every Netatalk deployment running a release from 2.2.2 up to and including 4.4.2. The CVE record's original description states that the issue is fixed in 4.5.0, so any deployment below that release should be treated as susceptible.

Risk and Exploitability

The CVSS 3.1 base score of 6.4 (Medium) comes from the vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: the attack is network-reachable, low in complexity and needs no user interaction, and its impact on confidentiality, integrity and availability is rated high, but the score is held down by the privilege requirement (PR:H), meaning the attacker must already hold credentials for a privileged account on the service. The advisory gives no further detail on the exact prerequisites. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 21, 2026 at 10:53 UTC.

Remediation

The OpenCVE record lists no vendor fix or workaround, but the CVE description recorded in the history section below states that the issue is fixed in Netatalk 4.5.0.

OpenCVE Recommended Actions

  • Check the vendor website for a patched version of Netatalk or an official advisory that addresses this issue.
  • If the fixed release cannot be deployed yet, disable the admin auth user mechanism rather than deleting the mapped account: in Netatalk 3.x and later this is the `admin auth user` option in the [Global] section of afp.conf, which should be removed or commented out.
  • Restrict network access to the Netatalk service by implementing firewall rules or VPN restrictions to limit exposure to trusted hosts only.
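The three actions above amount to two checks per host: is the installed release inside the affected range, and is the admin auth user mechanism actually enabled? The following script is an added example, not code from Netatalk or OpenCVE. It assumes the version is taken from a banner of the form `afpd X.Y.Z - ...` (as printed by `afpd -V`) and that the configuration is an ini-style afp.conf with an `admin auth user` key in [Global]; the sample banner and afp.conf are constructed for the example. Versions are compared numerically so that, for instance, a patch number of 10 sorts after 2.

```python
"""Offline audit helper for this Netatalk advisory: decide from a version banner
whether a host falls in the affected range (2.2.2 through 4.4.2, per the
advisory) and whether its afp.conf sets `admin auth user`. Added example, not
code from Netatalk or OpenCVE; the sample banner and afp.conf are constructed."""
import re
from typing import Dict, Optional, Tuple

AFFECTED_MIN = (2, 2, 2)   # first affected release named in the advisory
AFFECTED_MAX = (4, 4, 2)   # last affected release named in the advisory
FIXED_IN = (4, 5, 0)       # release the CVE record's history says fixes the issue

Version = Tuple[int, int, int]


def parse_version(banner: str) -> Version:
    """Extract the first X.Y.Z from text such as the first line of `afpd -V`."""
    match = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", banner)
    if match is None:
        raise ValueError(f"no X.Y.Z version found in {banner!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(banner: str) -> bool:
    """Compare as integer tuples, not strings: '2.2.10' must sort after '2.2.2'."""
    return AFFECTED_MIN <= parse_version(banner) <= AFFECTED_MAX


def admin_auth_user(afp_conf: str) -> Optional[str]:
    """Return the value of `admin auth user` from the [Global] section of an
    afp.conf (Netatalk 3.x and later), or None when it is absent, commented out,
    or only present in another section. afp.conf is ini-style: lines starting
    with `;` or `#` are comments and keys may contain spaces."""
    section = None
    for raw in afp_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global":
            continue
        key, sep, value = line.partition("=")
        if sep and " ".join(key.split()).lower() == "admin auth user":
            return value.strip() or None
    return None


def assess(banner: str, afp_conf: str) -> Dict[str, object]:
    """Combine both checks. A host is 'exposed' only when it runs an affected
    release and has the admin auth user mechanism enabled."""
    version = parse_version(banner)
    affected = AFFECTED_MIN <= version <= AFFECTED_MAX
    user = admin_auth_user(afp_conf)
    return {
        "version": ".".join(map(str, version)),
        "affected_release": affected,
        "admin_auth_user": user,
        "exposed": affected and user is not None,
        "upgrade_to": ".".join(map(str, FIXED_IN)) if affected else None,
    }


# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER = "afpd 3.1.18 - Apple Filing Protocol (AFP) daemon of Netatalk"
SAMPLE_AFP_CONF = """\
[Global]
; constructed sample, not a real host's configuration
uam list = uams_dhx2.so
admin auth user = root

[Homes]
basedir regex = /home
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_BANNER, SAMPLE_AFP_CONF).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the host is reported as exposed: 3.1.18 is inside the affected range and `admin auth user = root` is set. Commenting that line out (or moving to 4.5.0) flips `exposed` to False; the two checks are kept separate so that a fleet report can distinguish "vulnerable code present" from "vulnerable mechanism enabled".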

Advisories

No advisories yet.

History

Thu, 21 May 2026 09:00:00 +0000

Type: Description
  Values removed: In Netatalk 2.2.2 through 4.4.2, authentication bypass via admin auth user. Fixed in 4.5.0.
  Values added: An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.

Thu, 21 May 2026 08:45:00 +0000

Type: First Time appeared
  Values added: Netatalk; Netatalk netatalk
Type: Vendors & Products
  Values added: Netatalk; Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type: Description
  Values added: In Netatalk 2.2.2 through 4.4.2, authentication bypass via admin auth user. Fixed in 4.5.0.
Type: Title
  Values added: Authentication bypass via admin auth user
Type: Weaknesses
  Values added: CWE-287
Type: References
  Values added: (empty)
Type: Metrics
  Values added: cvssV3_1 {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Netatalk Netatalk
MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T07:52:26.565Z

Reserved: 2026-05-05T07:25:12.313Z

Link: CVE-2026-44058

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-21T08:16:21.353

Modified: 2026-05-21T09:16:28.050

Link: CVE-2026-44058

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T11:00:11Z

Weaknesses