CVE-2026-44063 PUBLISHED

LDAP filter injection

Assigner: securin
Reserved: 05.05.2026 Published: 21.05.2026 Updated: 21.05.2026

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 4.2

Product Status

Vendor Netatalk
Product Netatalk
Versions Default: unaffected
  • affected from 2.1.0 to 4.4.2 (incl.)
  • Version 4.5.0 is unaffected

Credits

  • Arjun Basnet from Securin finder

References

Problem Types

  • Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE