CVE-2026-43862

EUVD-2026-26900
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
mitreCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
muttmutt
𝑥
< 2.3.2
CNA
Debian logo
Debian Releases
Debian Product
Codename
mutt
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
2.3.2-1
fixed
sid
2.4.0-1
fixed
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/muttmua/mutt/commit/f547a849cdacb512800a5f477c27de217e1c8151