A vulnerability, which was classified as problematic , has been found in mutt up to 2.3.1 . The affected element is the function hash_passwd of the component IMAP . This manipulation causes off-by-one. The identification of this vulnerability is CVE-2026-43860 . It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.