Security Vulnerability Report
CVE-2026-43860 CVSS 3.7 LOW

CVE-2026-43860

Published: 2026-05-04 07:16:01
Last Modified: 2026-05-05 19:44:43

Description

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

CVSS Details

CVSS Score
3.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Mutt < 2.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC for CVE-2026-43860 (Conceptual)
# This script demonstrates the hash truncation logic vulnerability.
import hmac
import hashlib


def calculate_vulnerable_digest(challenge, password):
    """
    Simulates the vulnerable implementation in Mutt < 2.3.2 where the
    resulting hex digest is truncated by one byte.
    """
    # Calculate the standard CRAM-MD5 response: HMAC-MD5 over the server
    # challenge, keyed with the user's password
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).digest()
    hex_digest = digest.hex()
    # VULNERABILITY: Truncate the last byte (2 hex characters)
    vulnerable_digest = hex_digest[:-2]
    return vulnerable_digest


# Example Scenario
imap_challenge = "<[email protected]>"
user_password = "secret_password"

print(f"Original Challenge: {imap_challenge}")
print(f"Vulnerable Digest: {calculate_vulnerable_digest(imap_challenge, user_password)}")
# An attacker would send this truncated digest in the IMAP AUTHENTICATE command.
```

References

https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805 (fix commit, from the NVD record below)

Weakness: CWE-193 (Off-by-one Error)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-43860",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-04T07:16:00.573",
    "lastModified": "2026-05-05T19:44:42.893",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-193"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805",
        "source": "[email protected]"
      }
    ]
  }
}
```