Mutt: community verdicts
3 notable / known-exploited Mutt CVEs the community has triaged.
Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Mutt CVE, see NVD.
- CVE-2024-49393 | MED 6.5 | EPSS 0%
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker who intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.
- CVE-2024-49394 | MED 5.3 | EPSS 0%
In mutt and neomutt, the In-Reply-To email header field is not protected by cryptographic signing, which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
- CVE-2024-49395 | MED 5.3 | EPSS 0%
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field by inference from the recipients' info.