A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.
The vulnerability is a heap-based buffer overflow (CWE-122) in the comm_rcv() function responsible for receiving messages by the CNID (Crashed Node ID) daemon in Netatalk. An attacker with access to an authenticated account can send specially crafted data to the comm_rcv() function, causing memory areas outside the allocated buffer to be overwritten. This results in the possibility of taking control over the process execution flow and running arbitrary code with daemon privileges, potentially with elevated system privileges.
An attacker can execute arbitrary code with elevated privileges on the server or cause a denial of service (DoS) by crashing the CNID daemon process. The scope of the attack extends beyond the application context itself (Scope: Changed), which increases potential damage to the entire system.
Apply patches available from the vendor according to references (https://netatalk.io/security/CVE-2026-44050). An update to a version higher than 4.4.2 is recommended as soon as it is released by the Netatalk project. Until an update is applied, consider restricting access to the Netatalk service only to trusted, authenticated users and network segments.
Netatalk in versions 2.0.0 through 4.4.2 inclusive
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H