Buffer Over-read Vulnerability in Postfix Email Server
CVE-2026-43964

3.7 LOW

Key Information:

Vendor: Postfix
Status: Vendor
CVE Published: 4 May 2026

What is CVE-2026-43964?

A buffer over-read vulnerability has been identified in the Postfix email server. When an enhanced status code is returned without adequate text following the third number, processing it can read past the end of the buffer. This may crash the process, affecting the stability and reliability of the Postfix email system. Users are encouraged to upgrade to the fixed versions listed below to mitigate the risk.
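The failure mode described above, as an added example that is not Postfix's own code: a bounds-checked parser for the enhanced status code ("class.subject.detail") at the start of an SMTP reply's text, which checks every byte against the buffer length before reading it and treats a reply that ends right after the third number as a complete code with an empty message. The function names dsn_parse and dsn_message are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Parse an enhanced status code ("class.subject.detail", e.g. "2.1.0")
 * at the start of the text portion of an SMTP reply. Every byte is
 * bounds-checked against len before it is read, so a reply that ends
 * right after the third number cannot cause a read past the buffer.
 * On success stores the three fields in code[] and the number of bytes
 * consumed in *used and returns 1; returns 0 if no valid code is present.
 * (Added example, hypothetical helper, not Postfix code.) */
int dsn_parse(const char *text, size_t len, unsigned code[3], size_t *used)
{
    size_t i = 0;
    for (int f = 0; f < 3; f++) {
        if (f > 0) {                        /* separator between fields */
            if (i >= len || text[i] != '.')
                return 0;
            i++;
        }
        size_t start = i;
        unsigned v = 0;
        /* at most three digits per field; i < len is tested first */
        while (i < len && isdigit((unsigned char)text[i]) && i - start < 3)
            v = v * 10 + (unsigned)(text[i++] - '0');
        if (i == start)                     /* missing digits: incomplete code */
            return 0;
        code[f] = v;
    }
    *used = i;
    return 1;
}

/* Return the human-readable message that follows the enhanced status code,
 * or NULL if the reply text does not carry a well-formed code. When the text
 * ends immediately after the third number, the message is the empty string
 * rather than whatever happens to lie beyond the terminator. */
const char *dsn_message(const char *text)
{
    size_t len = strlen(text), used;
    unsigned code[3];
    if (!dsn_parse(text, len, code, &used))
        return NULL;
    if (used == len)                        /* code alone, no text: safe empty message */
        return text + len;
    if (text[used] != ' ')                  /* something other than a space after the code */
        return NULL;
    return text + used + 1;
}
```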

Affected Version(s)

Postfix 2.3 < 3.8.16

Postfix 3.9 < 3.9.10

Postfix 3.10 < 3.10.9

References

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
