CVE-2026-43861 | mutt up to 2.3.1 url_pct_decode null byte or nul character

A vulnerability labeled as problematic has been found in mutt up to 2.3.1. Affected by this issue is the function url_pct_decode. Such manipulation leads to improper neutralization of null byte or nul character.

This vulnerability is traded as CVE-2026-43861. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More