Skip to main content

mutt CVE-2026-43862

| EUVDEUVD-2026-26900 LOW
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-05-04 mitre
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

7
Patch available
May 04, 2026 - 07:31 EUVD
Source Code Evidence Fetched
May 04, 2026 - 07:31 vuln.today
Analysis Generated
May 04, 2026 - 07:31 vuln.today
Patch released
May 04, 2026 - 07:16 nvd
Patch available
EUVD ID Assigned
May 04, 2026 - 07:00 euvd
EUVD-2026-26900
Analysis Generated
May 04, 2026 - 07:00 vuln.today
CVE Published
May 04, 2026 - 06:00 nvd
LOW 3.7

DescriptionCVE.org

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

AnalysisAI

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Technical ContextAI

The vulnerability exists in mutt's IMAP GSS-API authentication handler (imap/auth_gss.c). The code performs network-order conversion (ntohl) of a 4-byte security level field from the IMAP server without first verifying the received token contains at least 4 bytes. The original code cast this field as a long pointer on systems where long may be 64-bit, creating a type mismatch between the declared variable (unsigned long) and the actual 32-bit network data (uint32_t). This combination of insufficient bounds checking (CWE-843: Access of Memory Location Using Variable with Incorrect Type) and potential integer overflow allows reading or writing adjacent memory. The GSS-API security negotiation phase occurs unauthenticated during IMAP session setup.

RemediationAI

Upgrade mutt to version 2.3.2 or later. Users on systems where patched versions are not yet available should disable GSS-API authentication by removing 'gss' from the imap_authenticators configuration setting or by not connecting to IMAP servers that require or offer GSS-API. Note that disabling GSS-API may restrict authentication options if the IMAP server requires Kerberos; coordinate with mail server administrators for alternative authentication methods. No workarounds exist for patched versions.

More in Mutt

View all
CVE-2018-14362 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14359 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14358 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14357 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14356 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14354 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14353 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14352 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14351 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14350 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2018-14349 CRITICAL
9.8 Jul 17

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

Share

CVE-2026-43862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy