Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.CreditsArjun Basnet from SecurinReferenceshttps://netatalk.io/security/CVE-2026-44076
