CVE-2026-43964: High severity Postfix Postfix vulnerability
Published May 4, 2026 · Last updated 13 May 2026
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
— MITRE
Affected Software
6 affected components · Fixes available
Postfix Postfix <3.8.16, <3.9.10, <3.10.9
Postfix Postfix <3.8.16
Postfix Postfix >=3.9.0 <3.9.10
Postfix Postfix >=3.10.0 <3.10.9
Microsoft azl3 postfix 3.9.0-2
debian/postfix <=3.5.25-0+deb11u1, <=3.7.11-0+deb12u1, <=3.10.5-1~deb13u1
3.11.2-4, 3.11.3-1
Event History
May 4, 2026
CVE Published via MITRE · 06:10 PM
Data Sourced via MITRE · 06:10 PM: Description, Severity, Weakness
Data Sourced via NVD · 07:16 PM: Description, Severity, Weakness, Affected Software
May 6, 2026
Data Sourced via Microsoft · 08:01 AM: Description, Severity, Weakness
Data Sourced via Microsoft · 08:01 AM: Affected Software
Updated via Microsoft · 08:01 AM: Description, Severity
Jun 5, 2026
Data Sourced via Ubuntu · 07:52 PM: Remedy, Description, Severity, Affected Software
Data Sourced via Debian · 07:54 PM: Description, Affected Software
Data Sourced via Launchpad · 07:54 PM: Description
Frequently Asked Questions
1. What is the severity of CVE-2026-43964?
CVE-2026-43964 has been classified as a moderate severity vulnerability.
2. How do I fix CVE-2026-43964?
To fix CVE-2026-43964, update Postfix to version 3.8.16, 3.9.10 or 3.10.9 or later.
3. What products are affected by CVE-2026-43964?
CVE-2026-43964 affects Postfix versions prior to 3.8.16, 3.9 prior to 3.9.10, and 3.10 prior to 3.10.9.
4. What type of vulnerability is CVE-2026-43964?
CVE-2026-43964 is a buffer over-read vulnerability that can cause a process crash.
5. What are the potential impacts of CVE-2026-43964?
The potential impacts of CVE-2026-43964 include the possibility of application instability or crashes.