PT-2026-36774 · Mutt · Mutt

Evilrabbit

·

Published

2026-05-04

·

Updated

2026-05-09

·

CVE-2026-43861

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2
Description The software fails to check for the null character '0' within the url pct decode() function.
Recommendations Update to version 2.3.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-158

Related Identifiers

CVE-2026-43861
OESA-2026-2200
OPENSUSE-SU-2026:10695-1

Affected Products

Mutt