- Description
- Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- exim
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-416
- Hype score
- Not currently trending
CVE-2026-45185: Email infrastructure remains one of the Internet’s highest-value attack surfaces. In @BleepinComputer, Bill Toulas covers XBOW’s discovery of CVE-2026-45185, a critical unauthenticated Exim RCE, and the crucial role AI tools play in helping security…
@lyrie_ai
7 Jun 2026
CVE-2026-45185: Exim Mail Server Remote Code Execution - What It Means for Your Business and How to Respond https://t.co/RLx0170GsS
@integ_sec
31 May 2026
CVE-2026-45185: ⚠️⚠️ CVE-2026-45185 (CVSS 9.8): Critical Exim mail-server vulnerability — patch or upgrade immediately. 🔗FOFA Link: 🎯6.0M+ Results are found on in the past year. FOFA Query: app="Exim-Mail-Server" 🔖Refer:…
@lyrie_ai
17 May 2026
New zero-days hit Microsoft Exchange (XSS/spoofing, CVE-2026-42897) & Windows DNS Client (RCE, CVE-2026-41096), plus Exim MTA (RCE, CVE-2026-45185). Critical for data privacy & integrity in transit. Patch ASAP! #Cybersecurity #InfoSec #Vulnerabilities
@YourAnon_irc
17 May 2026
A new critical Exim mailer flaw (CVE-2026-45185) allows remote code execution. #CyberSecurity #InfoSec https://t.co/V2FwJqOAzY https://t.co/6VU0mBuctE
@twelvesec
16 May 2026
Top 5 Trending CVEs: 1 - CVE-2026-44581 2 - CVE-2026-45185 3 - CVE-2026-44578 4 - CVE-2026-20182 5 - CVE-2026-42945 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
16 May 2026
THREAT INTEL: CVE-2026-45185 Dead.Letter - Exim pre-auth RCE via BDAT/GnuTLS UAF. 9 detections, 24 IOCs. https://t.co/DynMOo9pVI #ThreatIntel #Exim #RCE #CVE https://t.co/162nPZb9SR
@threadlinqs
14 May 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B6F6BADD-C865-40D6-BE0A-BC7389F40FFA",
            "versionEndExcluding": "4.99.3",
            "versionStartIncluding": "4.97",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]