CVE-2026-44050
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Received
Published: 21 May 2026, 07:34
Last modified:21 May 2026, 07:52
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.9 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 May 2026, 07:34
Published
Vulnerability first disclosed
21 May 2026, 07:52
Last Modified
Vulnerability information updated
Description
In Netatalk 2.0.0 through 4.4.2, heap buffer overflow in cnid daemon comm_rcv(). Fixed in 4.4.3.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Techniques & Countermeasures
- CWE-122•Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Affected Systems
- netatalk•netatalk
≥ 2.0.0, ≤ 4.4.2