CVE-2026-44075

3.7 LOW

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall thr...

Published: 2026-05-21 · Last updated: 2026-05-21

Severity and scoring

CVSS: 3.7 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-484

Description

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44075
[Other]https://netatalk.io/security/CVE-2026-44075