CVE-2026-44055

Summary

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
NetatalkNetatalk3.1.4 <= 4.4.2affected
NetatalkNetatalk4.4.3unaffected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References