Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.

VectorLOCAL

PublishedMay 21, 2026, 08:16

Published By33c584b5-0579-4c06-b2a0-8d8329fcab9c

Base Score

Score6.7

Affected Versions

No affected versions found.

References

https://netatalk.io/security/CVE-2026-44076

Weakness Type

CWE-78

CVSS Metrics

Base Score

6.7

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base SeverityMedium

Version

3.1

Attack Vector (AV)

LOCAL