Buffer Underflow Vulnerability in Mutt Email Client
CVE-2026-43861

3.7LOW

Key Information:

Vendor: Mutt
Status: Mutt
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-43861?

An issue in Mutt, the email client, prior to version 2.3.2, involves a failure to properly handle the URL decoding process. Specifically, the application does not account for null characters ('\0') when decoding URLs, which can result in unexpected behavior or crashes. This oversight could potentially be exploited by an attacker, leading to compromised system integrity and unauthorized access. Users are encouraged to update to the latest version to mitigate this vulnerability.

Affected Version(s)

mutt 0 < 2.3.2

References

https://github.com/muttmua/mutt/commit/12f54fe3b61f761c09...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-43861 Data

JSON