New critical Exim mailer flaw allows remote code execution

A critical Exim flaw, tracked as CVE-2026-45185, can let an unauthenticated remote attacker achieve code execution on affected mail servers that are built with GnuTLS, triggered through BDAT chunked SMTP traffic. Exim released version 4.99.3 to fix the issue, and users on affected Ubuntu and Debian-based systems should update immediately.

Keypoints

  • CVE-2026-45185 affects Exim versions before 4.99.3 with GnuTLS support.
  • The flaw is a use-after-free issue triggered during TLS shutdown.
  • BDAT chunked SMTP traffic can cause stale callbacks to write into freed memory.
  • An attacker may execute commands and access emails on vulnerable servers.
  • Exim 4.99.3 is the fixed version for impacted Linux distributions.
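A quick way to triage a fleet against the two conditions above (version below 4.99.3 and a GnuTLS build) is to parse the output of `exim -bV`. The script below is an added example, not code from the article or the Exim project; the banners it checks are constructed, and it assumes the real banner's "Exim version" and "Library version:" lines look the same.

```shell
#!/bin/sh
# Added example (not from the article or the Exim project): classify an
# `exim -bV` banner as affected by CVE-2026-45185, i.e. an Exim version below
# 4.99.3 whose TLS library is GnuTLS. OpenSSL builds are treated as out of
# scope because the article only names GnuTLS. Banners below are constructed.

# Return 0 when dotted version $1 sorts before $2, 1 otherwise (pure POSIX sh).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.};; *) a=;; esac
        case $b in *.*) b=${b#*.};; *) b=;; esac
    done
    return 1
}

# Return 0 = affected, 1 = not affected, 2 = banner could not be parsed.
exim_affected() {
    banner=$1
    ver=$(printf '%s\n' "$banner" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 2
    printf '%s\n' "$banner" | grep -q 'GnuTLS' || return 1
    version_lt "$ver" 4.99.3
}

SAMPLE_OLD_GNUTLS='Exim version 4.98.2 #2 built 14-Jan-2026 10:00:00
Library version: GnuTLS: Compile: 3.8.3'

SAMPLE_FIXED_GNUTLS='Exim version 4.99.3 #1 built 20-Jan-2026 10:00:00
Library version: GnuTLS: Compile: 3.8.3'

SAMPLE_OLD_OPENSSL='Exim version 4.98.2 #2 built 14-Jan-2026 10:00:00
Library version: OpenSSL: Compile: OpenSSL 3.0.13'

report() {
    rc=0; exim_affected "$1" || rc=$?
    case $rc in
        0) echo "$2: AFFECTED - upgrade to Exim 4.99.3 or later";;
        1) echo "$2: not affected";;
        *) echo "$2: could not parse version";;
    esac
}
report "$SAMPLE_OLD_GNUTLS" old-gnutls
report "$SAMPLE_FIXED_GNUTLS" fixed-gnutls
report "$SAMPLE_OLD_OPENSSL" old-openssl
```

On a live host, replace the constructed banners with `report "$(exim -bV 2>/dev/null)" "$(hostname)"`.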

Read More: https://www.bleepingcomputer.com/news/security/new-critical-exim-mailer-flaw-allows-remote-code-execution/