CVSS 3.1 Score 9.3 of 10 (high)


Published Dec 15, 2023
Updated: Dec 28, 2023


CVE-2023-46116 is a critical vulnerability affecting Tutanota (Tuta Mail), an encrypted email provider. The vulnerability exists in versions prior to 3.118.12 and allows malicious actors to execute code on a victim's computer by exploiting harmful URL schemes such as ftp: and smb:. The issue is caused by a failure to block these schemes in addition to the file: scheme. A patch has been released in version 3.118.2 to address this vulnerability. The potential danger of this vulnerability is high, as successful exploitation could lead to unauthorized code execution on a victim's computer, potentially compromising sensitive information and system integrity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46116 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options