Use-After-Free Vulnerability in Exim Due to GnuTLS Configuration
CVE-2026-45185

9.8 CRITICAL

Key Information:

Vendor: Exim
Status: Vendor
CVE Published: 12 May 2026

Badges

  • 📈 Trended
  • 📈 Score: 6,540
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 📰 News Worthy

What is CVE-2026-45185?

CVE-2026-45185 is a significant vulnerability affecting Exim, a widely used open-source mail transfer agent (MTA) primarily utilized for sending and receiving email on Unix-like operating systems. The vulnerability occurs due to improper handling of a specific GnuTLS configuration, leading to a use-after-free condition in the BDAT body parsing path. This flaw is triggered when a client unexpectedly sends a TLS close_notify signal mid-transfer during a CHUNKING process, followed by a cleartext byte on the same TCP connection. When exploited, this vulnerability could result in heap corruption, potentially allowing an unauthenticated remote attacker to execute arbitrary code on the affected server. Given Exim's prevalence in email handling, the implications of this vulnerability could be severe, compromising the confidentiality and integrity of email communications and server stability.

Potential impact of CVE-2026-45185

  1. Arbitrary Code Execution: The primary risk associated with CVE-2026-45185 is the potential for arbitrary code execution by an unauthenticated attacker. This could allow malicious actors to gain control over the affected server, enabling them to deploy malware, manipulate data, or launch further attacks.

  2. Service Disruption and Downtime: Exploitation of this vulnerability could lead to instability within the Exim service, resulting in significant downtime. This disruption would not only affect email delivery but could also have downstream impacts on business operations and communication.

  3. Data Integrity Risks: With the possibility of an attacker executing code, there are substantial risks concerning data integrity. Unauthorized modifications to email messages or server configurations could lead to data loss, data breaches, or the spread of misinformation, thus undermining the trustworthiness of the email system.

Affected Version(s)

Exim 4.97 < 4.99.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

This Week In Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, And More

Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind. Unfort…

3 weeks ago

Critical Exim Mailer Flaw Enables Remote Code Execution Attacks - IT Security News

A newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code execution, threatening core email infrastructure across Linux and Unix-like systems. Tracked as CVE-2026-45185 and nicknamed “Dead.Letter,” the...

1 month ago

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code.

1 month ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 💰 Used in Ransomware
  • 📈 Vulnerability started trending
  • 👾 Exploit known to exist
  • 📰 First article discovered by Biztoc
  • Vulnerability published
  • Vulnerability Reserved
