Arbitrary Command Execution via Backquote Characters in Mutt and NeoMutt

Arbitrary Command Execution via Backquote Characters in Mutt and NeoMutt

CVE-2018-14357 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

Learn more about our Cis Benchmark Audit For Server Software.