CVE-2026-44073

MEDIUM
Published May 21, 2026 Modified May 21, 2026 CWE-273

Description

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.

CVSS v3.1 Score

5.0
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS — Exploit Prediction

0.0011
Probability of exploitation
0.29%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-273 CWE-273

References

Frequently Asked Questions

What is CVE-2026-44073? +
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions. It has a CVSS v3.1 base score of 5.0 (MEDIUM).
How severe is CVE-2026-44073? +
CVE-2026-44073 has a CVSS v3.1 score of 5.0 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0011, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2026-44073? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-1003

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may …
CVE-2024-8382 8.8

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content …
CVE-2026-32107 8.8

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an …
CVE-2025-27396 8.8

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the …
CVE-2023-34322 7.8

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in …
CVE-2024-38813 7.5

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-44073 — free, no signup required.

Start Free Scan