Netatalk
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*
- >= 3.0.0, <= 4.4.2
A dead bounds check vulnerability has been identified in the Spotlight RPC unmarshaller of Netatalk versions 3.0.0 through 4.4.2. This flaw creates an unreachable code path that fails to provide effective bounds protection, potentially allowing a remote authenticated attacker to access limited information by sending crafted Spotlight RPC requests.
Exploitation of this vulnerability could lead to unauthorized information disclosure.
Users can apply the patch named 'CVE-2026-44057,CVE-2026-44066.patch' to a Netatalk 4.4.2 source tree to hotfix their local Netatalk deployment. Alternatively, upgrading to Netatalk version 4.4.3 or later, which includes the patch, is recommended. Applying this patch is advisable for defense-in-depth, as it also addresses the related independently exploitable issue in CVE-2026-44066.