CVE-2026-44061

Summary

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.

Affected Software

VendorProductVersion RangeStatus
NetatalkNetatalk1.5.0 <= 4.4.2affected
NetatalkNetatalk4.5.0unaffected

Weaknesses

  • CWE-208: Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References