Copyright © 2012 Red Hat, Inc. All rights reserved. Low 2026-05-04T05:45:05 mutt: mutt: Authentication bypass due to IMAP CRAM-MD5 hash truncation 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CWE-193

A flaw was found in mutt. During the IMAP CRAM-MD5 (Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5) authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access.

Red Hat Enterprise Linux 10 Fix deferred mutt Red Hat Enterprise Linux 6 Out of support scope mutt Red Hat Enterprise Linux 7 Fix deferred mutt Red Hat Enterprise Linux 8 Fix deferred mutt Red Hat Enterprise Linux 9 Fix deferred mutt https://www.cve.org/CVERecord?id=CVE-2026-43860 https://nvd.nist.gov/vuln/detail/CVE-2026-43860 https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805