What this actually is.
Technical background, root cause, and affected surface.
Netatalk authentication modules call seteuid() to drop privileges but do not check the return value. seteuid() can fail (e.g., when the process has reached its RLIMIT_NPROC limit or due to other OS constraints), leaving the process running with unintended elevated effective UID.
- Vendor
- Netatalk
- Product
- Netatalk
- Severity
- Medium
- CVSS Score
- 5
- Status
- Published
- CWE
- CWE-273: Improper Check for Dropped Privileges
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
From one request
to root shell.
Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.
The bug, and the fix.
etc/uams/uams_*.c: seteuid(getuid()) calls without return value validation
Root cause: seteuid() return value not checked in authentication module privilege transitions
When does this fire?
All conditions must be true for the exploit to succeed.
Specific OS conditions cause seteuid() to fail (EAGAIN from resource limits); local attacker may be able to trigger this condition
What an attacker does to you.
Post-exploitation outcomes mapped to CVSS impact metrics.
afpd process retains elevated effective UID when privilege drop silently fails
Fix it. In this order.
A runbook, not a checklist. Sequence matters — assume compromise before you act.
Upgrade to Netatalk 4.4.3 which checks seteuid() return values and aborts authentication on failure.
disclose@securin.ioVendors moved in days.
Attackers in hours.
Reconstructed from vendor advisories, CISA bulletins, and Securin research records.
2026-05-13: Netatalk 4.4.3 patch released | 2026-05-21: CVE published to MITRE
Timeline recorded · Disclosure coordinated by Securin
Cite, verify, go deeper.
Primary sources — NVD, CISA KEV, and machine-readable IoC feed.