SecurinZero Days
    Email Us
    Zero-Day Research/CVE-2026-44047
    ▲ HighCVSS 8.8EPSS 0.00371%

    SQL injection in MySQL CNID backend

    An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.

    CVE IDCVE-2026-44047
    CVSS v3.18.8 High
    VendorNetatalk
    CWECWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    DisclosedMay 21, 2026
    StatusPublished
    All advisories
    • 01Description
    • 02Proof of Concept
    • 03Vulnerable Code
    • 04Trigger Conditions
    • 05Impact
    • 06Remediation
    • 07Timeline
    • 08References
    01/Description

    What this actually is.

    Technical background, root cause, and affected surface.

    An SQL injection vulnerability exists in the MySQL CNID (Connection Node ID) backend of Netatalk. The CNID subsystem manages persistent file identifiers for AFP volumes. Unsanitized user-controlled input is passed directly into SQL queries, allowing an authenticated attacker to manipulate database operations.

    Vendor
    Netatalk
    Product
    Netatalk
    Severity
    High
    CVSS Score
    8.8
    Status
    Published
    CWE
    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Vector
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    02/Proof of Concept

    From one request
    to root shell.

    Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.

    8.8CVSS 3.1
    VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    ScopeUnchanged
    ImpactC:H / I:H / A:H
    SeverityHigh
    PoC · Exploitation Steps▲ trigger
    01No public PoC available
    03/Vulnerable Code

    The bug, and the fix.

    cnid_dbd.c / cnid_mysql.c: SQL query construction using unsanitized AFP client-supplied data in CNID lookup and registration functions

    Root cause: Failure to use parameterized queries or prepared statements when constructing SQL from AFP client-supplied identifiers

    04/Trigger Conditions

    When does this fire?

    All conditions must be true for the exploit to succeed.

    Attacker must be authenticated to the AFP server with access to a volume backed by the MySQL CNID database

    05/Impact

    What an attacker does to you.

    Post-exploitation outcomes mapped to CVSS impact metrics.

    Unauthorized read or modification of CNID database records; potential denial of service via malformed SQL; data integrity compromise

    06/Remediation

    Fix it. In this order.

    A runbook, not a checklist. Sequence matters — assume compromise before you act.

    Upgrade to Netatalk 4.4.3 which fixes all SQL injection points with parameterized queries. If upgrade is not immediately possible, disable the MySQL CNID backend.

    Securin advisory — For coordinated remediation support or threat-actor briefings related to CVE-2026-44047, contact disclose@securin.io
    07/Disclosure Timeline

    Vendors moved in days.
    Attackers in hours.

    Reconstructed from vendor advisories, CISA bulletins, and Securin research records.

    2026-03-14: Vendor notified

    2026-05-13: Netatalk 4.4.3 patch released | 2026-05-21: CVE published to MITRE

    Timeline recorded · Disclosure coordinated by Securin

    08/References

    Cite, verify, go deeper.

    Primary sources — NVD, CISA KEV, and machine-readable IoC feed.

    NVD

    NVD — CVE-2026-44047

    nvd.nist.gov/vuln/detail/CVE-2026-44047 →
    SEC

    Securin VI — Full Technical Analysis

    vi.securin.io →
    NETATA

    https://netatalk.io/security/CVE-2026-44047

    https://netatalk.io/security/CVE-2026-44047 →

    Let Securin level up your security posture.

    Get a live exposure assessment, threat-actor briefing tailored to your sector, and IoC mapping for your SIEM.

    Browse all advisories
    SecurinSecurinZero Days

    Securin's zero-day research operation combines frontier AI models with a decade of offensive expertise — discovering, validating, and coordinating the disclosure of high-impact vulnerabilities at a scale and speed no human team achieves alone.

    Glossary
    © 2026 Securin Inc · CVE Numbering Authority
    Privacy Policy·Data Processing Addendum