CVE-2026-43860

Description

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

CVSS Vector

References

• https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805