CVE-2026-44075

LOW NVD

CVSS Score 3.7

Severity LOW

Published May 21, 2026

Vendor unknown

Description

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.

References

https://netatalk.io/security/CVE-2026-44075