Description
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.
Published: 2026-05-21
Score: 3.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises when the Netatalk server combines multiple errno values with a bitwise OR operation. When several error conditions occur simultaneously, the resulting error code is incorrect, causing the server to follow unintended error-handling paths. The impact is that a remote attacker may be able to trigger minor service disruptions by inducing these erroneous conditions.
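
The effect described above, as an added C example (not Netatalk's code; the function names and the choice of ENOENT and EACCES are illustrative assumptions). OR-ing two errno values yields a code that names neither failure, so a caller that dispatches on it takes the wrong path, while returning the first failure unchanged keeps the dispatch correct.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: merge two failure codes with bitwise OR.
 * errno values are small integers, not bit flags, so the result is
 * some other number (on Linux, 2 | 13 = 15, which is ENOTBLK). */
static int combine_or(int err_a, int err_b) {
    return err_a | err_b;
}

/* Corrected pattern: report the first failure unchanged. */
static int combine_first(int err_a, int err_b) {
    return err_a != 0 ? err_a : err_b;
}

/* Hypothetical caller that selects an error-handling path from the code. */
enum err_path { PATH_OK, PATH_NOT_FOUND, PATH_DENIED, PATH_UNEXPECTED };

static enum err_path handle(int err) {
    switch (err) {
    case 0:      return PATH_OK;
    case ENOENT: return PATH_NOT_FOUND;
    case EACCES: return PATH_DENIED;
    default:     return PATH_UNEXPECTED;  /* neither real failure matched */
    }
}

int main(void) {
    int merged = combine_or(ENOENT, EACCES);
    int first = combine_first(ENOENT, EACCES);

    printf("ENOENT=%d EACCES=%d OR=%d (%s)\n",
           ENOENT, EACCES, merged, strerror(merged));
    printf("path with OR: %d, path with first error: %d\n",
           handle(merged), handle(first));

    /* With a single failure the OR is harmless, which is why the
     * defect only shows when two conditions fail together. */
    printf("single failure via OR: %d\n", combine_or(0, EACCES));
    return 0;
}
```
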

Affected Systems

The Netatalk package, versions 2.1.0 through 4.4.2, contains the flaw. No specific subcomponents are mentioned; the problem exists within the core error handling logic.

Risk and Exploitability

With a CVSS score of 3.7 the severity is low, and the vulnerability is not listed in the CISA KEV catalog, indicating no widely known exploits. Exploitation requires network access to the Netatalk service and the ability to provoke multiple concurrent error conditions, which is not trivial but could occur with crafted requests. The limited impact and lack of publicly known workarounds imply that the overall risk remains modest.

Generated by OpenCVE AI on May 21, 2026 at 10:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Netatalk release (4.4.3 or newer) to eliminate the bitwise OR bug
  • If a patch cannot be applied immediately, restrict the Netatalk service to trusted networks and monitor logs for abnormal errno patterns
  • If the service is not essential on a host, consider disabling Netatalk until a fix is available



Advisories

No advisories yet.

History

Thu, 21 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Netatalk; Netatalk netatalk |
| Vendors & Products | | Netatalk; Netatalk netatalk |

Thu, 21 May 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths. |
| Title | | Bitwise OR of errno values |
| Weaknesses | | CWE-682 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'} |


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T08:23:42.792Z

Reserved: 2026-05-05T07:25:20.197Z

Link: CVE-2026-44074

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-21T09:16:29.650

Modified: 2026-05-21T09:16:29.650

Link: CVE-2026-44074

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T10:30:08Z

Weaknesses