Low severity3.7NVD Advisory· Published May 4, 2026· Updated May 11, 2026
CVE-2026-43964
CVE-2026-43964
Description
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords10 versionspkg:rpm/almalinux/postfixpkg:rpm/almalinux/postfix-cdbpkg:rpm/almalinux/postfix-ldappkg:rpm/almalinux/postfix-lmdbpkg:rpm/almalinux/postfix-mysqlpkg:rpm/almalinux/postfix-pcrepkg:rpm/almalinux/postfix-perl-scriptspkg:rpm/almalinux/postfix-pgsqlpkg:rpm/almalinux/postfix-sqlitepkg:rpm/opensuse/postfix&distro=openSUSE%20Tumbleweed
< 2:3.8.5-10.el10_2+ 9 more
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 2:3.8.5-10.el10_2
- (no CPE)range: < 3.11.2-1.1
Patches
Vulnerability mechanics
References
2- www.openwall.com/lists/oss-security/2026/05/04/30nvdMailing ListThird Party Advisory
- www.mail-archive.com/postfix-announce@postfix.org/msg00110.htmlnvdMailing ListThird Party Advisory
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026