Mutt Null Byte Injection Vulnerability in URL Decoding Function

Vulnerability

In Mutt versions prior to 2.3.2, the URL decoding function does not properly handle null byte characters. As a result, null bytes can be embedded in decoded URLs, which could lead to unexpected behavior or security issues.

Impact

The vulnerability could be exploited to inject null byte characters into the URL decoding process, potentially leading to incorrect URL handling or manipulation.
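
The following added example illustrates the class of bug described above. It is not Mutt's code or its actual fix: `pct_decode`, its `reject_nul` flag and the sample URL are hypothetical. A lax percent-decoder lets `%00` place a terminator inside the decoded string, so C string functions see less than the decoder wrote, while the strict mode refuses the input.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical in-place percent-decoder (not Mutt's function).
 * Returns the number of decoded bytes, or -1 on a malformed escape.
 * With reject_nul set, an escape that decodes to 0x00 is also an error.
 * On -1 the buffer is partially rewritten and must be discarded. */
long pct_decode(char *s, int reject_nul)
{
    char *start = s, *d = s;

    for (; *s; s++) {
        if (*s != '%') {
            *d++ = *s;
            continue;
        }
        int hi = hexval((unsigned char)s[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)s[2]);
        if (lo < 0)
            return -1;                  /* truncated or non-hex escape */
        if (reject_nul && hi == 0 && lo == 0)
            return -1;                  /* %00 would embed a terminator */
        *d++ = (char)((hi << 4) | lo);
        s += 2;
    }
    *d = '\0';
    return (long)(d - start);
}

int main(void)
{
    char lax[] = "alice%00.example/inbox";     /* constructed sample input */
    char strict[] = "alice%00.example/inbox";

    long n = pct_decode(lax, 0);
    /* The decoder wrote n bytes, but C string functions stop at the NUL. */
    printf("lax: decoded=%ld strlen=%zu\n", n, strlen(lax));
    printf("strict: %ld\n", pct_decode(strict, 1));
    return 0;
}
```

A mismatch between the decoder's byte count and `strlen()` of the result is the condition to check for when reviewing similar decoders.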

Remediation

Users can upgrade to Mutt version 2.3.2 or later, where this vulnerability has been addressed.

Added: May 4, 2026, 7:33 AM
Updated: May 4, 2026, 7:33 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 7.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.