High severity7.6NVD Advisory· Published May 21, 2026· Updated May 21, 2026
CVE-2026-44068
CVE-2026-44068
Description
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
1- Netatalk: 25 CVEs Disclosed in Single-Day Security Audit DumpVypr Intelligence · May 21, 2026