Description
mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
Published: 2026-05-04
Score: 2.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NULL pointer dereference in mutt's show_sig_summary function, which may crash the application when it attempts to display a message signature summary. The resulting denial of service is triggered when a local user sends or interacts with a message that exercises the faulty code. The weakness is a classic NULL pointer dereference (CWE-476).

Affected Systems

Mutt versions prior to 2.3.2 are affected. All users running the email client on desktop, server, or embedded environments with these versions are potentially impacted.

Risk and Exploitability

The CVSS score is 2.5, indicating low overall severity. No EPSS score is available and the vulnerability is not listed in CISA KEV, suggesting a modest likelihood of exploitation. The attack likely requires local access or the ability to influence the content of a message viewed by the user. Given the low severity and limited exploitation evidence, the risk is considered low but sufficient to warrant remediation.

Generated by OpenCVE AI on May 4, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade mutt to version 2.3.2 or newer
  • If an immediate upgrade is not possible, avoid triggering the signature summary view for untrusted or unknown messages
  • Verify the crash environment is isolated or confined to prevent broader system impact

Advisories

No advisories yet.

History

Mon, 04 May 2026 14:30:00 +0000

Values Removed: (none)
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 07:45:00 +0000

Values Removed: (none)
Values Added:
  • Title: NULL Pointer Dereference in Signature Summary Display of mutt

Mon, 04 May 2026 06:45:00 +0000

Values Removed: (none)
Values Added:
  • Description: mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
  • First Time appeared: Mutt; Mutt mutt
  • Weaknesses: CWE-476
  • CPEs: cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
  • Vendors & Products: Mutt; Mutt mutt
  • References
  • Metrics: cvssV3_1 {'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-04T18:26:15.822Z

Reserved: 2026-05-04T06:10:52.216Z

Link: CVE-2026-43864

Vulnrichment

Updated: 2026-05-04T13:47:54.901Z

NVD

Status: Received

Published: 2026-05-04T07:16:01.190

Modified: 2026-05-04T07:16:01.190

Link: CVE-2026-43864

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T07:30:40Z

Weaknesses