CVE-2026-7837
LOWNetatalk 3.0.0-4.4.2 and >=4.5.0 - Time-of-check Time-of-use Race Condition in ad_flush
Title source: llmDescription
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Netatalk Security Advisory CVE-2026-7837
https://netatalk.io/security/CVE-2026-7837
Scores
CVSS v3
3.7
EPSS
0.0018
EPSS Percentile
7.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-367
Status
published
Products (2)
Netatalk/Netatalk
3.0.0 - 4.4.2
Netatalk/Netatalk
4.5.0
Published
May 21, 2026
Tracked Since
May 21, 2026