PT-2026-36772 · Mutt · Mutt

Evilrabbit

·

Published

2026-05-04

·

Updated

2026-05-09

·

CVE-2026-43859

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2
Description The software sometimes uses the strfcpy() function instead of memcpy() when handling the IMAP auth cram MD5 digest. This occurs during the authentication process for IMAP servers using the CRAM-MD5 mechanism.
Recommendations Update to version 2.3.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43859
OESA-2026-2200
OPENSUSE-SU-2026:10695-1

Affected Products

Mutt