Netatalk is the bridge between Linux file servers and macOS workstations in mixed-OS environments. An attacker with valid credentials — including a compromised service account or a disgruntled employee — can use this flaw to read sensitive files anywhere on the server (configuration files, credentials, business data) or silently overwrite files, which could corrupt business records, alter configurations, or introduce backdoors. If the affected server stores regulated data such as personal records or financial files, unauthorized reads may trigger mandatory breach notification obligations under applicable data protection laws.
You Are Affected If
You run Netatalk versions 3.0.2 through 4.4.2 on Linux or Unix servers
The AFP (Apple Filing Protocol) service is active and reachable by network users, including internal users in untrusted segments
The Netatalk service is exposed to internet-facing networks or DMZ segments without strict firewall rules limiting AFP port 548/TCP
You have not applied a vendor-released patch addressing CVE-2026-44051
AFP shares are hosted on servers that also store sensitive data outside the share root (credentials, config files, application data)
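The first two conditions above can be checked on a host with a short script. This is an added example, not vendor tooling or code from the advisory. It assumes the version is read from a banner such as the first line of `afpd -V` and that listening sockets come from `ss -ltn`; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Affected range as stated above: 3.0.2 through 4.4.2 (inclusive).

# extract_version LINE: print the first dotted version number found in LINE.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# ver_key X.Y.Z: print one integer that orders the same way as the version.
ver_key() {
    printf '%s\n' "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }'
}

# netatalk_affected TEXT: 0 = inside affected range, 1 = outside, 2 = no version found.
# Suffixes such as "rc1" are ignored, so pre-releases count as their base version.
netatalk_affected() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    k=$(ver_key "$v")
    [ "$k" -ge "$(ver_key 3.0.2)" ] && [ "$k" -le "$(ver_key 4.4.2)" ]
}

# afp_listeners: read `ss -ltn` output on stdin, print local addresses bound to TCP 548.
afp_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:548$/ { print $4 }'
}

# Constructed sample inputs. On a real host, substitute:
#   banner=$(afpd -V 2>/dev/null | head -n 1)   (assumed to contain the version)
#   ss -ltn | afp_listeners
sample_banner='afpd 3.1.12 - Apple Filing Protocol (AFP) daemon of Netatalk'
sample_ss='LISTEN 0 128 0.0.0.0:548 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

if netatalk_affected "$sample_banner"; then
    echo "Netatalk $(extract_version "$sample_banner") is in the affected range"
    printf '%s\n' "$sample_ss" | afp_listeners | sed 's/^/AFP listening on /'
fi
```

A wildcard address such as `0.0.0.0:548` in the output means AFP is bound on every interface, so exposure then depends entirely on firewall rules.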
Board Talking Points
A confirmed vulnerability in our Linux file-sharing software allows anyone with a valid login to read or overwrite files anywhere on the affected server.
Technology teams should identify and patch all affected Netatalk servers within the next 7 days, with network access restrictions applied immediately as an interim measure.
Without action, a compromised employee account or external attacker with stolen credentials could silently read sensitive business data or corrupt server files, potentially triggering breach notification requirements.