What this actually is.
Technical background, root cause, and affected surface.
Multiple locations in Netatalk combine errno values using bitwise OR (|) to aggregate errors. Since errno values are not bit flags (they are sequential integers), bitwise OR produces an incorrect combined value that does not correspond to any defined error code, causing error handlers to misinterpret the condition.
- Vendor
- Netatalk
- Product
- Netatalk
- Severity
- Low
- CVSS Score
- 3.7
- Status
- Published
- CWE
- CWE-682: Incorrect Calculation
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
From one request
to root shell.
Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.
The bug, and the fix.
Multiple source files: errno combinations using (err1 | err2) instead of storing or prioritizing errno values individually
Root cause: Programmer error: errno values are sequential integers, not bit flags; bitwise OR is semantically incorrect for combining them
When does this fire?
All conditions must be true for the exploit to succeed.
Error conditions that cause multiple errno-producing operations in sequence trigger the incorrect OR combination
What an attacker does to you.
Post-exploitation outcomes mapped to CVSS impact metrics.
Incorrect error propagation; error handlers may silently ignore real errors or take incorrect recovery actions
Fix it. In this order.
A runbook, not a checklist. Sequence matters — assume compromise before you act.
Upgrade to Netatalk 4.4.3 which replaces bitwise OR errno combinations with correct error prioritization logic.
disclose@securin.ioVendors moved in days.
Attackers in hours.
Reconstructed from vendor advisories, CISA bulletins, and Securin research records.
2026-05-13: Netatalk 4.4.3 patch released | 2026-05-21: CVE published to MITRE
Timeline recorded · Disclosure coordinated by Securin
Cite, verify, go deeper.
Primary sources — NVD, CISA KEV, and machine-readable IoC feed.