CVE-2026-45185

Published May 12, 2026

Last updated 11 days ago

CVSS critical 9.8

Tls

Overview

Description: Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org: CWE-416

Hype score: Not currently trending

CVE-2026-45185: ⚠️⚠️ CVE-2026-45185 (CVSS 9.8): Critical Exim mail-server vulnerability — patch or upgrade immediately. 🔗FOFA Link: 🎯6.0M+ Results are found on in the past year. FOFA Query: app="Exim-Mail-Server" 🔖Refer:…
@lyrie_ai
17 May 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New zero-days hit Microsoft Exchange (XSS/spoofing, CVE-2026-42897) & Windows DNS Client (RCE, CVE-2026-41096), plus Exim MTA (RCE, CVE-2026-45185). Critical for data privacy & integrity in transit. Patch ASAP! #Cybersecurity #InfoSec #Vulnerabilities
@YourAnon_irc
17 May 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new critical Exim mailer flaw (CVE-2026-45185) allows remote code execution. #CyberSecurity #InfoSec https://t.co/V2FwJqOAzY https://t.co/6VU0mBuctE
@twelvesec
16 May 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-44581 2 - CVE-2026-45185 3 - CVE-2026-44578 4 - CVE-2026-20182 5 - CVE-2026-42945 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
16 May 2026
144 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
THREAT INTEL: CVE-2026-45185 Dead.Letter - Exim pre-auth RCE via BDAT/GnuTLS UAF. 9 detections, 24 IOCs. https://t.co/DynMOo9pVI #ThreatIntel #Exim #RCE #CVE https://t.co/162nPZb9SR
@threadlinqs
14 May 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability•CVE-2026-31431
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.•CVE-2026-5194
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.•CVE-2026-1584
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.•CVE-2026-34179
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.•CVE-2026-31789

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2026-45185
https://code.exim.org/exim/wiki/wiki/EximSecurity
https://exim.org
https://exim.org/static/doc/security/CVE-2026-45185.txt
https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
https://news.ycombinator.com/item?id=48111748
https://www.openwall.com/lists/oss-security/2026/05/12/4
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
http://www.openwall.com/lists/oss-security/2026/05/12/25

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Related CVEs

References