CVE-2026-44064: Out-of-Bounds Access Vulnerability in Netatalk ASP
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2026-44064 affects Netatalk's handling of AppleTalk Session Protocol (ASP) session IDs, allowing an unauthenticated attacker on the same local network to exploit an out-of-bounds access vulnerability. This flaw can lead to process memory disclosure or a denial of service (DoS) by crashing the daemon. The vulnerability arises from a lack of bounds checking on the session ID used as an array index. Netatalk administrators are advised to upgrade to version 4.4.3 or apply a patch to mitigate the risk. The vulnerability was disclosed on May 21, 2026, and has been reproduced in a controlled environment. The CVSS score for this vulnerability is 7.1, indicating a high severity level. Security advisories recommend restricting legacy AppleTalk access until a patch is applied.
Key Points: • CVE-2026-44064 allows local network attackers to exploit an out-of-bounds access vulnerability. • Affected systems include Netatalk versions prior to 4.4.3, with a CVSS score of 7.1. • Administrators should upgrade to version 4.4.3 or apply the provided patch immediately.