Kevin J. McCarthy

6 exploits Active since May 2026
CVE-2026-43859 WRITEUP LOW WRITEUP
mutt <2.3.2 - Memory Corruption
mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVSS 3.7
CVE-2026-43860 WRITEUP LOW WRITEUP
mutt <2.3.2 - Auth Bypass
mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
CVSS 3.7
CVE-2026-43861 WRITEUP LOW WRITEUP
mutt <2.3.2 - Memory Corruption
mutt before 2.3.2 does not check for '\0' in url_pct_decode.
CVSS 3.7
CVE-2026-43862 WRITEUP LOW WRITEUP
mutt <2.3.2 - Auth Bypass
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
CVSS 3.7
CVE-2026-43863 WRITEUP LOW WRITEUP
mutt <2.3.2 - DoS
mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
CVSS 3.7
CVE-2026-43864 WRITEUP LOW WRITEUP
Mutt < 2.3.2 - NULL Pointer Dereference
mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
CVSS 2.5