CVE Catalog

CVE-2026-43964

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

33th percentile — higher than 33% of all known CVEs

Summary

A vulnerability in Postfix before versions 3.8.16, 3.9.10, and 3.10.9 allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

Risk Assessment

An attacker can remotely crash the mail server, causing denial of service (DoS) and potential message loss.

Recommendation

Immediately upgrade Postfix to version 3.8.16, 3.9.10, or 3.10.9 depending on your branch.

Original NVD description (English source)

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS