CVE-2026-43860 | mutt up to 2.3.1 IMAP hash_passwd off-by-one

May 4, 2026 Yanac

A vulnerability, which was classified as problematic, has been found in mutt up to 2.3.1. The affected element is the function hash_passwd of the component IMAP. This manipulation causes off-by-one.

The identification of this vulnerability is CVE-2026-43860. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More