CVE-2026-44076 MEDIUM

CVE-2026-44076: Shell injection via volume path

Vendor Netatalk

Product Netatalk

Weakness CWE-78

Published May 21, 2026

Last update May 22, 2026

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.

Key dates

02Disclosure timeline

May 21, 2026 CVE published

May 22, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-44076

Related vulnerabilities

04Related CVE

CVE-2025-34041 Sangfor Endpoint Detection and Response OS Command Injection CVE-2020-5757 CVE-2026-20040 Cisco IOS XR Software CLI Privilege Escalation Vulnerability CVE-2024-20461 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection Vulnerability CVE-2025-11005 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability