CVE-2026-43964
Modified
Modified - Updated After Analysis
Buffer Over-Read in Postfix SMTP Server
Vulnerability report for CVE-2026-43964, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-04
Last updated on: 2026-06-30
Assigner: MITRE
Description
Description
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| postfix | postfix | to 3.8.16 (exc) |
| postfix | postfix | From 3.10.0 (inc) to 3.10.9 (exc) |
| postfix | postfix | From 3.9.0 (inc) to 3.9.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |