CVE-2026-44061
5.9 MEDIUMNetatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authen...
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 5.9 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-208
Description
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48011 — Shopware is an open commerce platform (3.7 LOW)
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum...
- CVE-2026-5419 — A flaw was found in gnutls (3.7 LOW)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2026-5091 — Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks