CVE-2026-7837
3.7 LOWA time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file ope...
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-367
Description
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24067 — Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes ... (8.4 HIGH)
- CVE-2026-49958 — Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard functi... (5.0 MEDIUM)
- CVE-2026-45647 — Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges ... (5.5 MEDIUM)
- CVE-2026-45487 — Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate pri... (7.8 HIGH)
- CVE-2026-24065 — Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service (8.1 HIGH)