CVE-2026-44064: Out-of-Bounds Access Vulnerability in Netatalk ASP

CVE-2026-44064: Out-of-Bounds Access Vulnerability in Netatalk ASP

First seen 16 Jul 2026, 04:26 UTC Securinnvd.nist.govnetatalk.io 81% similarity 64.5

Article Content

Browse articles
ThreatCluster

CVE-2026-44064 affects Netatalk's handling of AppleTalk Session Protocol (ASP) session IDs, allowing an unauthenticated attacker on the same local network to exploit an out-of-bounds access vulnerability. This flaw can lead to process memory disclosure or a denial of service (DoS) by crashing the daemon. The vulnerability arises from a lack of bounds checking on the session ID used as an array index. Netatalk administrators are advised to upgrade to version 4.4.3 or apply a patch to mitigate the risk. The vulnerability was disclosed on May 21, 2026, and has been reproduced in a controlled environment. The CVSS score for this vulnerability is 7.1, indicating a high severity level. Security advisories recommend restricting legacy AppleTalk access until a patch is applied.

Key Points: • CVE-2026-44064 allows local network attackers to exploit an out-of-bounds access vulnerability. • Affected systems include Netatalk versions prior to 4.4.3, with a CVSS score of 7.1. • Administrators should upgrade to version 4.4.3 or apply the provided patch immediately.

ThreatCluster AI

Timeline

2026-05-21
CVE-2026-44064 published
Netatalk disclosed a vulnerability in ASP session ID handling, allowing potential memory disclosure or service crashes.
Securin
2026-07-15
Securin reports vulnerability details
Securin outlines the exploit conditions and recommends upgrading to Netatalk 4.4.3 for mitigation.
Securin
2026-07-16
Netatalk issues security advisory
Netatalk advises administrators to apply a patch or upgrade to version 4.4.3 to address CVE-2026-44064.
netatalk.io

Community

Browse all →