CVE-2026-44075

Summary

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.

Affected Software

VendorProductVersion RangeStatus
NetatalkNetatalk1.5.0 <= 4.4.2affected
NetatalkNetatalk4.5.0unaffected

Weaknesses

  • CWE-484: Omitted Break Statement in Switch

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References