CVE-2026-44068
HIGH
NVD
CVSS Score
7.6
Severity
HIGH
Published
May 21, 2026
Vendor
unknown
Description
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.