Known Vulnerabilities for products from Mutt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mutt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43864 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-43863 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-43862 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-43861 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-43860 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-43859 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2024-49395 json | In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inf... | Not Provided | 2024-11-12 | 2026-06-26 |
| CVE-2024-49394 json | In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to ... | Not Provided | 2024-11-12 | 2026-06-26 |
| CVE-2024-49393 json | In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that int... | Not Provided | 2024-11-12 | 2026-06-26 |
| CVE-2023-4875 json | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 - MEDIUM | 2023-09-09 | 2023-10-15 |
| CVE-2023-4874 json | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 - MEDIUM | 2023-09-09 | 2023-10-15 |
| CVE-2022-1328 json | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input ... | 5.3 - MEDIUM | 2022-04-14 | 2022-10-14 |
| CVE-2021-32055 json | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/ut... | 9.1 - CRITICAL | 2021-05-05 | 2021-06-01 |
| CVE-2021-3181 json | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email... | 6.5 - MEDIUM | 2021-01-19 | 2023-11-07 |
| CVE-2020-28896 json | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial ... | 5.3 - MEDIUM | 2020-11-23 | 2021-07-21 |
| CVE-2020-14954 json | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a se... | 5.9 - MEDIUM | 2020-06-21 | 2023-11-07 |
| CVE-2020-14154 json | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expire... | 4.8 - MEDIUM | 2020-06-15 | 2023-03-01 |
| CVE-2020-14093 json | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | 5.9 - MEDIUM | 2020-06-15 | 2022-04-27 |
| CVE-2018-14362 json | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have u... | 9.8 - CRITICAL | 2018-07-17 | 2020-05-19 |
| CVE-2018-14359 json | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | 9.8 - CRITICAL | 2018-07-17 | 2020-05-19 |
Known software with vulnerabilities from Mutt
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mutt | Mutt | 1.11.0 |