CVE-2026-44052

EUVD-2026-31227
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
securinCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
netatalknetatalk
2.1.0 ≤
𝑥
≤ 4.4.2
CNA
Debian logo
Debian Releases
Debian Product
Codename
netatalk
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
4.4.3~ds-1
fixed
trixie
vulnerable
trixie (security)
4.2.3~ds-1+deb13u2
fixed
Common Weakness Enumeration
References
https://netatalk.io/security/CVE-2026-44052