CVE Catalog
CVE-2026-43964
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk0.42%
33th percentile — higher than 33% of all known CVEs
Summary
A vulnerability in Postfix before versions 3.8.16, 3.9.10, and 3.10.9 allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Risk Assessment
An attacker can remotely crash the mail server, causing denial of service (DoS) and potential message loss.
Recommendation
Immediately upgrade Postfix to version 3.8.16, 3.9.10, or 3.10.9 depending on your branch.
Original NVD description (English source)
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

