Security Vulnerability Report
CVE-2026-44052 CVSS 7.5 HIGH

Published: 2026-05-21 08:16:21
Last Modified: 2026-05-21 15:20:19
Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Description

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

The weakness is CWE-532 (insertion of sensitive information into a log file). The leaked value is the password of the directory account Netatalk uses for its LDAP simple bind, so it is valid against the LDAP server itself, not only against the file server: anyone who can read the daemon's log output, including wherever that output is shipped, aggregated or backed up, obtains a working directory credential. Upgrading stops further leakage but does not remove what has already been written; logs produced by an affected version should be treated as containing the bind password until they are purged, and the bind account's password should be rotated.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No CPE configuration data is attached to this entry. The affected range given in the description is Netatalk 2.1.0 through 4.4.2, inclusive.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note that the script below is a simulation: it does not connect to a server or trigger the bug, it only prints a constructed log line of the kind a vulnerable build would write.
python
# Proof-of-concept script for CVE-2026-44052 (CWE-532: cleartext LDAP
# simple-bind password in log output).
#
# This script does NOT contact a server. It simulates the condition in which a
# vulnerable Netatalk build (2.1.0 through 4.4.2) writes the LDAP bind password
# to its log, and prints a constructed example of such a log line. Reproducing
# the leak for real requires a vulnerable Netatalk instance configured with an
# LDAP backend; the "[LOG]" line format below is illustrative, not Netatalk's
# actual log output.


def simulate_ldap_bind_vulnerability():
    target_host = "192.168.1.100"             # placeholder AFP server address
    ldap_user = "cn=admin,dc=example,dc=com"  # bind DN configured for Netatalk's LDAP backend
    ldap_pass = "Sup3rS3cr3tP@ssw0rd"         # bind password (constructed value)

    print(f"[*] Attempting to connect to Netatalk service at {target_host}...")
    # In a real scenario an AFP connection attempt would make afpd bind to the
    # LDAP backend; for the simulation we assume the server logs that bind.
    print(f"[*] Sending LDAP Simple Bind request for user: {ldap_user}")
    print(f"[*] Password used: {ldap_pass}")

    # This represents the vulnerable logging action.
    print("\n[!] Vulnerability Triggered: Server logs the following:")
    print(f"[LOG] netatalk[123]: LDAP Bind: DN='{ldap_user}', Password='{ldap_pass}'")
    # /var/log/syslog is one common destination; the real path depends on the
    # system's syslog configuration.
    print("\n[!] An attacker with read access to /var/log/syslog can now see the password.")


if __name__ == "__main__":
    simulate_ldap_bind_vulnerability()
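What a defender needs from this entry is two checks rather than a demonstration: whether a deployed Netatalk version falls inside the stated range, and whether the daemon's existing logs already contain bind passwords that now have to be treated as compromised. The Python below is an added example written for this page; it is neither Netatalk's code nor the PoC above. The sample log lines are constructed, and the assumed line shape (an LDAP bind line carrying a `password=value` style token) is an assumption, since the advisory does not reproduce Netatalk's actual log format. Version comparison is done on integer tuples so that a 4.10.x build is not misread as older than 4.4.2.

```python
"""Triage helpers for CVE-2026-44052 (CWE-532: LDAP bind password in logs).

Added example for this page; not Netatalk's code. The log line shape below is
an assumption, not Netatalk's actual output.
"""
import re

# Affected range stated in the advisory: Netatalk 2.1.0 through 4.4.2, inclusive.
AFFECTED_MIN = (2, 1, 0)
AFFECTED_MAX = (4, 4, 2)


def parse_version(text):
    """Extract a (major, minor, patch) int tuple from strings like '4.4.2'
    or 'netatalk 3.1.18'. Tuples compare numerically, so 4.10.0 > 4.4.2;
    a plain string comparison would get that wrong."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version_text):
    """True if the version lies inside the advisory's stated affected range."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


# Detection patterns. Assumption: a leaking line mentions LDAP and a bind and
# carries a password-like key followed by '=' or ':' and a value.
_BIND_LINE = re.compile(r"ldap.*bind", re.IGNORECASE)
_DN = re.compile(r"\bdn\s*[=:]\s*(?:'([^']*)'|\"([^\"]*)\"|(\S+))", re.IGNORECASE)
_SECRET = re.compile(
    r"(?P<key>\b(?:password|passwd|pass|pw|bindpw|secret)\b)"
    r"(?P<sep>\s*[=:]\s*)"
    r"(?P<q>['\"]?)(?P<val>[^'\"\s,]+)(?P=q)",
    re.IGNORECASE,
)


def find_leaked_binds(lines):
    """Return one (line_no, bind_dn, leaked_password) per bind line that
    carries a secret value. Lines that merely mention a password ('password
    expired') have no key=value token and are not reported."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if not _BIND_LINE.search(line):
            continue
        secret = _SECRET.search(line)
        if not secret:
            continue
        dn_match = _DN.search(line)
        dn = next((g for g in dn_match.groups() if g is not None), None) if dn_match else None
        hits.append((n, dn, secret.group("val")))
    return hits


def redact(line):
    """Replace the secret value with a marker, keeping key, separator and quotes,
    so the line stays readable when logs are shared for support or review."""
    return _SECRET.sub(lambda m: f"{m['key']}{m['sep']}{m['q']}[REDACTED]{m['q']}", line)


# Constructed sample log (not real Netatalk output).
SAMPLE_LOG = [
    "May 21 08:16:21 fileserver afpd[1234]: AFP3.4 login: user alice from 10.0.0.7",
    "May 21 08:16:21 fileserver afpd[1234]: LDAP simple bind: dn='cn=netatalk,ou=svc,dc=example,dc=com' password='Sup3rS3cr3tP@ss'",
    "May 21 08:16:22 fileserver afpd[1234]: LDAP bind failed: password expired for uid=bob",
    "May 21 08:16:23 fileserver afpd[1234]: uuid lookup for alice via ldap ok",
]


def triage(version_text, log_lines):
    """Summarise both checks for one host: version exposure and log exposure."""
    leaks = find_leaked_binds(log_lines)
    return {
        "affected_version": is_affected(version_text),
        "leaked_bind_dns": sorted({dn for _, dn, _ in leaks if dn}),
        "leak_count": len(leaks),
        "redacted_log": [redact(line) for line in log_lines],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage("netatalk 4.4.2", SAMPLE_LOG), indent=2))
```

If `find_leaked_binds` reports a hit, the practical response is to rotate the reported bind account's password and purge or re-permission every copy of the affected logs (local files, forwarded syslog, backups), not only to upgrade; `redact` is for scrubbing copies before they are shared. The key list in `_SECRET` is deliberately broad and the bind-line filter deliberately narrow, so a line such as "password expired" is not flagged while any bind line with a key=value secret is.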

References

https://netatalk.io/security/CVE-2026-44052 (vendor advisory, per the source record)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-44052",
    "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
    "published": "2026-05-21T08:16:20.800",
    "lastModified": "2026-05-21T15:20:19.040",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-532"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://netatalk.io/security/CVE-2026-44052",
        "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"
      }
    ]
  }
}