A vulnerability classified as problematic was found in mutt up to 2.3.1 . Impacted is the function auth_cram . The manipulation results in improper neutralization of null byte or nul character. This vulnerability was named CVE-2026-43859 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.