CVE-2024-49394 MEDIUM

CVE-2024-49394: Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing

Vendor Red Hat
Product Red Hat Enterprise Linux 7
Weakness CWE-347
Published November 12, 2024
Last update November 21, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 21, 2025 Record updated