Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-016642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016642 advisory. Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Tenable has...

Unity Linux 20.1070e Security Update: mutt (UTSA-2026-016745)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016745 advisory. Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Tenable has extracted the preceding...

Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-017546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017546 advisory. Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Tenable has extracted the preceding description block directly from t...

Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-017533)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017533 advisory. Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connectio...

Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-017499)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017499 advisory. rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon...

OESA-2026-2200 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: mutt before version 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest, which may lead to buffer handling issues.CVE-2026-43859 Mutt email client before version 2.3.2...

CVE-2026-43864

A flaw was found in mutt. This vulnerability, a null pointer dereference in the showsigsummary function, could allow an attacker to cause a denial of service. This occurs when processing specially crafted input related to signature summaries. Mitigation Mitigation for this issue is either not...

CVE-2026-43863

A flaw was found in mutt, an email client. A remote attacker could exploit this vulnerability by sending specially crafted input, which would trigger an infinite loop in the dataobjecttostream function. This issue, located in the crypt-gpgme.c component, can lead to a Denial of Service DoS, causi...

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

CVE-2026-43860

A flaw was found in mutt. During the IMAP CRAM-MD5 Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5 authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access...

CVE-2026-43859

A flaw was found in mutt, an email client, where it mishandles cryptographic digests used for IMAP Internet Message Access Protocol authentication. This incorrect handling could lead to a low integrity impact, potentially allowing a remote attacker to subtly affect the authentication process...

CVE-2026-43861

A flaw was found in mutt, an email client. The urlpctdecode function, which is responsible for decoding URL-encoded strings, does not correctly handle null termination characters. This vulnerability could allow a remote attacker, to manipulate how URLs are processed, potentially leading to a...

mutt-2.3.2-1.1 on GA media (moderate)

mutt-2.3.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10695-1 Rating: moderate Cross-References: CVE-2026-43859 CVE-2026-43861 CVE-2026-43862 CVE-2026-43863 CVSS scores: CVE-2026-43859 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-43859 SUSE : 6.3...

SUSE CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

SUSE CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

SUSE CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

SUSE CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

SUSE CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

PT-2026-37369

These are all security issues fixed in the mutt-2.3.2-1.1 package on the GA media of openSUSE Tumbleweed...