Description
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
Published: 2026-05-04
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves mishandling the imap_auth_gss security level in Mutt prior to version 2.3.2. This mismanagement can allow an attacker to weaken authentication controls, potentially enabling unauthorized access or impersonation. The weakness is classified as CWE-843, Access of Resource Using Incompatible Type ('Type Confusion').

Affected Systems

Versions of Mutt older than 2.3.2 are affected. Any installation running these versions with the imap_auth_gss authentication method enabled is at risk.

Risk and Exploitability

The CVSS score of 3.7 reflects a low severity vulnerability. Because the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, the likelihood of widespread exploitation appears limited. However, the likely attack vector is through remote IMAP authentication where an attacker could provide or manipulate credentials to trigger the mishandled security level. This could result in reduced authentication integrity or potential unauthorized access depending on the system’s configuration.

Generated by OpenCVE AI on May 4, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Mutt version 2.3.2 or later, which fixes the imap_auth_gss security level handling
  • If an upgrade is not immediately possible, review the imap_auth_gss configuration and ensure it is set to a secure level or disable the feature if it is not required
  • Monitor authentication logs for abnormal patterns that may indicate exploitation attempts

Advisories

No advisories yet.

History

Mon, 04 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 06:45:00 +0000

Type | Values Removed | Values Added
Description | | In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
First Time appeared | | Mutt; Mutt mutt
Weaknesses | | CWE-843
CPEs | | cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
Vendors & Products | | Mutt; Mutt mutt
References | |
Metrics | | cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-04T18:21:26.993Z

Reserved: 2026-05-04T06:00:45.858Z

Link: CVE-2026-43862

Vulnrichment

Updated: 2026-05-04T13:47:01.611Z

NVD

Status: Received

Published: 2026-05-04T07:16:00.883

Modified: 2026-05-04T07:16:00.883

Link: CVE-2026-43862

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T07:30:40Z

Weaknesses