Netatalk SQL Injection Vulnerability in MySQL CNID Backend

Vulnerability

A SQL injection vulnerability has been identified in the MySQL CNID backend of Netatalk versions 3.1.0 and later, prior to 4.4.2. This vulnerability allows authenticated AFP clients to manipulate database queries, potentially compromising the confidentiality, integrity, or availability of the CNID database.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of SQL commands, allowing attackers to manipulate the CNID database in ways that could compromise its confidentiality, integrity, or availability.

Remediation

Users can upgrade to Netatalk version 4.4.3 or later, which includes the necessary patch. Alternatively, the patch can be applied to a Netatalk 4.4.2 source tree. Netatalk administrators are advised to upgrade or apply the patch as soon as possible.
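To decide which hosts need the upgrade first, the following added example (not part of the original advisory or of the Netatalk project) classifies an installed version against the boundaries stated above and lists the afp.conf sections that select the MySQL CNID backend. The function names and the sample configuration are constructed for illustration; the `cnid scheme` option name comes from Netatalk's afp.conf documentation, and sections that do not set it are assumed to use the build default, which this check does not inspect.

```python
import re

# Version boundaries exactly as this advisory states them.
FIRST_AFFECTED = (3, 1, 0)  # start of the affected range
PATCH_BASE = (4, 4, 2)      # source tree the standalone patch applies to
FIXED = (4, 4, 3)           # first release that includes the patch

def version_status(text):
    """Classify a version string such as '4.4.1' against the advisory."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    v = tuple(int(part) for part in m.groups())
    if v >= FIXED:
        return "fixed"
    if v == PATCH_BASE:
        return "verify-patch"  # fine only if the build carries the patch
    if v >= FIRST_AFFECTED:
        return "affected"
    return "outside-stated-range"

def mysql_cnid_sections(afp_conf):
    """Return the afp.conf sections that set 'cnid scheme = mysql'."""
    section, hits = None, []
    for raw in afp_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if sep and key.lower().split() == ["cnid", "scheme"] and value.strip().lower() == "mysql":
            hits.append(section)
    return hits

def triage(version_text, afp_conf):
    status = version_status(version_text)
    sections = mysql_cnid_sections(afp_conf)
    needs_action = bool(sections) and status in ("affected", "verify-patch")
    return {"version": status, "mysql_sections": sections,
            "needs_action": needs_action}

# Constructed sample configuration, not taken from a real host.
SAMPLE_AFP_CONF = """[Shared]
cnid scheme = mysql
[Archive]
cnid scheme = dbd
"""
```

Calling `triage("4.4.1", SAMPLE_AFP_CONF)` flags the `Shared` section; a result of `verify-patch` means the version number alone cannot confirm that the patch is present in the build.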

Added: May 21, 2026, 8:48 AM
Updated: May 21, 2026, 8:48 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 5.6
exploitability: 3.5
remediation: 8.3
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.