CVE-2026-45185

Published: Mag 12, 2026 Last Modified: Mag 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

416

Use After Free

Stable
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Confidentiality
Potential Impacts:
Modify Memory Dos: Crash, Exit, Or Restart Read Memory Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
https://code.exim.org/exim/wiki/wiki/EximSecurity
https://code.exim.org/exim/wiki/wiki/EximSecurity
https://exim.org
https://exim.org
https://exim.org/static/doc/security/CVE-2026-45185.txt
https://exim.org/static/doc/security/CVE-2026-45185.txt
https://exim.org/static/doc/security/EXIM-Security-2026-05-…
https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
https://news.ycombinator.com/item?id=48111748
https://news.ycombinator.com/item?id=48111748
https://www.openwall.com/lists/oss-security/2026/05/12/4
https://www.openwall.com/lists/oss-security/2026/05/12/4
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found…
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim