UBUNTU-CVE-2026-44051

Details

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.

Affected Packages

netatalk

Ubuntu 25.10

Affected versions:

4.1.2~ds-44.2.1~ds-14.2.3~ds-1

netatalk

Ubuntu 26.04 LTS

Fixed in:

4.2.3~ds-2.1ubuntu0.1

netatalk

Ubuntu Pro 14.04 LTS

Fixed in:

2.2.2-1ubuntu2.2+esm3

netatalk

Ubuntu Pro 16.04 LTS

Fixed in:

2.2.5-1ubuntu0.2+esm3

netatalk

Ubuntu Pro 18.04 LTS

Fixed in:

2.2.6-1ubuntu0.18.04.2+esm3

netatalk

Ubuntu Pro 20.04 LTS

Fixed in:

3.1.12~ds-4ubuntu0.20.04.4+esm1

netatalk

Ubuntu Pro 22.04 LTS

Fixed in:

3.1.12~ds-9ubuntu0.22.04.4+esm1

netatalk

Ubuntu Pro 24.04 LTS

Fixed in:

3.1.18~ds-1ubuntu0.1~esm2

References

REPORT

https://netatalk.io/security/CVE-2026-44051

REPORT

https://ubuntu.com/security/CVE-2026-44051

ADVISORY

https://ubuntu.com/security/notices/USN-8395-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2026-44051