Security Flaw in Mutt Email Client Affecting IMAP Authentication
CVE-2026-43862

3.7LOW

Key Information:

Vendor: Mutt
Status: Mutt
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-43862?

A security flaw in the Mutt email client prior to version 2.3.2 allows improper handling of the imap_auth_gss security level, potentially exposing users to authentication-related vulnerabilities. This misconfiguration could lead to unauthorized access in specific scenarios, highlighting the importance of updating to the latest version to enhance security.

Affected Version(s)

mutt 0 < 2.3.2

References

https://github.com/muttmua/mutt/commit/f547a849cdacb51280...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-43862 Data

JSON