Netatalk DSI OpenSession Processing Switch Case Fall-Through Vulnerability

Vulnerability

A vulnerability exists in Netatalk versions 1.5.0 through 4.4.2 due to a missing break statement in the DSI OpenSession processing. This flaw causes the DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, leading to unintended handling of session options. As a result, a remote attacker could exploit this behavior to cause a minor service disruption by sending crafted DSI session options.
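The bug class described above, as an added C example that is not Netatalk's code: a simplified type/length/value option parser in which the `with_break` flag toggles the missing `break`. The option codes, the `session` struct, the four-byte length check, the starting quantum value and what the second case does with the value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed names and values for this model; not Netatalk's definitions. */
enum { OPT_SERVQUANT = 0x00, OPT_ATTNQUANT = 0x01 };
struct session { uint32_t serv_quantum, attn_quantum; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse [type][len][value] options. with_break = 0 models the missing break,
 * with_break = 1 models the corrected switch. Returns 0 on success, -1 on bad input. */
int parse_options(const uint8_t *buf, size_t len, struct session *s, int with_break) {
    size_t i = 0;
    while (i + 2 <= len) {
        uint8_t type = buf[i], olen = buf[i + 1];
        const uint8_t *val = buf + i + 2;
        if (olen != 4 || olen > len - i - 2)
            return -1;                    /* malformed or truncated option */
        switch (type) {
        case OPT_ATTNQUANT:
            s->attn_quantum = be32(val);
            if (with_break)
                break;                    /* corrected behaviour */
            /* no break taken: control continues into the next case */
        case OPT_SERVQUANT:
            s->serv_quantum = be32(val);  /* also runs for ATTNQUANT when the break is missing */
            break;
        default:
            break;                        /* unknown option: skip it */
        }
        i += 2 + (size_t)olen;
    }
    return 0;
}

/* Constructed input: a single attention-quantum option carrying the value 2. */
static const uint8_t SAMPLE[] = { OPT_ATTNQUANT, 4, 0, 0, 0, 2 };

/* Server quantum after parsing SAMPLE, starting from an assumed value of 0x100000. */
uint32_t serv_quantum_after(int with_break) {
    struct session s = { 0x100000, 0 };
    return parse_options(SAMPLE, sizeof SAMPLE, &s, with_break) == 0 ? s.serv_quantum : 0;
}

int main(void) {
    printf("missing break: %u, with break: %u\n",
           (unsigned)serv_quantum_after(0), (unsigned)serv_quantum_after(1));
    return 0;
}
```

GCC and Clang report a case that runs into the next label without a `break` when `-Wimplicit-fallthrough` is enabled.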

Impact

Exploitation of this vulnerability could result in a minor service disruption.

Remediation

Users can apply the CVE-2026-44075.patch to a Netatalk 4.4.2 source tree to hotfix their local Netatalk deployment. Alternatively, upgrading to Netatalk 4.5.0 or later, which includes the patch, is recommended. However, the Netatalk team does not encourage proactively applying the patch to existing deployments due to the low practical exploitability.

Added: May 21, 2026, 9:22 AM
Updated: May 21, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 0.6
exploitability: 7.0
remediation: 7.7
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.