Critical Exim RCE Flaw CVE-2026-45185 Lets Attackers Hijack Mail Servers Remotely
A critical use-after-free vulnerability, CVE-2026-45185, was disclosed on May 12, 2026, affecting Exim mail transfer agent versions 4.97 through 4.99.2 built with GnuTLS. The flaw, dubbed 'Dead.Letter,' allows unauthenticated remote attackers to achieve arbitrary code execution by sending a specially crafted BDAT sequence over an SMTP connection. Exim is the default mail server on Debian, Ubuntu, and many other Linux distributions, making the potential attack surface extremely large. The vulnerability was discovered by the XBOW research team, who used AI assistance to develop a working exploit — raising concerns about how quickly similar attacks could be replicated. Exim has released version 4.99.3 to fully address the issue, and administrators are urged to upgrade immediately; systems using OpenSSL instead of GnuTLS are not affected.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in