CVE-2026-45185 – Exim

CVSS 9.8 CRITICAL

“One broken connection can turn email infrastructure into an attacker’s foothold.”

Exim released a critical patch addressing CVE-2026-45185, a remotely exploitable use-after-free vulnerability in the BDAT body parsing path. The issue occurs under specific GnuTLS configurations when a TLS connection is interrupted mid-transfer and followed by unexpected input, leading to heap corruption. This creates a direct path for unauthenticated attackers to execute arbitrary code on affected mail servers.

CVE-2026-45185 has a CVSS score of 9.8, which is Critical severity. There is no verified evidence of active exploitation or public proof-of-concept code at this time. The patch eliminates unsafe memory handling during edge-case connection transitions and secures the parsing logic against malformed or malicious input sequences.

Key Details

Affected Product: Exim (vendor: Exim)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-416 (Use After Free)
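The advisory describes the exposure as an Exim build linked against GnuTLS running a version before the fix, so the first defensive step is inventory: find every Exim host, read its version and TLS library, and rank GnuTLS builds first. The script below is an added example, not part of this advisory or of the Exim project. It parses the output of `exim -bV` (the sample output is constructed for the example, and the fixed version is a placeholder because the advisory does not state it; take the real value from Exim's own announcement).

```python
import re
from typing import NamedTuple, Optional, Tuple

# Constructed sample of `exim -bV` output for a host built against GnuTLS.
SAMPLE_BV_OUTPUT = """\
Exim version 4.96 #2 built 01-Jan-2024 00:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS TLS_resume DANE DKIM DNSSEC
Library version: GnuTLS: Compile: 3.7.3
                         Runtime: 3.7.3
"""

# Placeholder only: the advisory does not give the first fixed release.
# Replace with the version from the Exim security announcement before use.
FIXED_VERSION_PLACEHOLDER: Tuple[int, int, int] = (0, 0, 0)

VERSION_RE = re.compile(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", re.M)
TLS_RE = re.compile(r"^Library version: (GnuTLS|OpenSSL):", re.M)


class EximBuild(NamedTuple):
    version: Tuple[int, int, int]
    tls_library: Optional[str]  # "GnuTLS", "OpenSSL" or None if not reported


def parse_exim_bv(output: str) -> EximBuild:
    """Extract the Exim version and TLS library from `exim -bV` output."""
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("no 'Exim version' line found in output")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    t = TLS_RE.search(output)
    return EximBuild(version, t.group(1) if t else None)


def assess(build: EximBuild, fixed_version: Tuple[int, int, int]) -> str:
    """Rank a host for CVE-2026-45185 remediation.

    'patch-urgent': pre-fix build linked against GnuTLS (the configuration
                    the advisory names).
    'patch':        pre-fix build with another or unknown TLS library; still
                    below the fixed version, so still due for the update.
    'ok':           at or above the fixed version.
    """
    if build.version >= fixed_version:
        return "ok"
    if build.tls_library == "GnuTLS":
        return "patch-urgent"
    return "patch"


def assess_output(output: str, fixed_version: Tuple[int, int, int]) -> str:
    """Convenience wrapper: parse raw `exim -bV` text and rank it."""
    return assess(parse_exim_bv(output), fixed_version)


if __name__ == "__main__":
    # With the placeholder (0, 0, 0) every host reports 'ok'; set the real
    # fixed version first. Running the real command on a host:
    #   subprocess.run(["exim", "-bV"], capture_output=True, text=True).stdout
    build = parse_exim_bv(SAMPLE_BV_OUTPUT)
    print(build, assess(build, FIXED_VERSION_PLACEHOLDER))
```

Feed the script the captured `exim -bV` text from each mail host (over your configuration-management channel, not the SMTP banner, which can be rewritten and omits the TLS library) and treat every `patch-urgent` result as the first batch to update.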