CVE-2026-45185 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 12, 2026
Overview
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
References
- https://exim.org
- https://exim.org/static/doc/security/CVE-2026-45185.txt
- https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
- https://news.ycombinator.com/item?id=48111748
- https://www.openwall.com/lists/oss-security/2026/05/12/4
- https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
- https://code.exim.org/exim/wiki/wiki/EximSecurity
Social Media Activity (11 posts)
- Dead.Letter (CVE-2026-45185) - How XBOW found an unauthenticated RCE on Exim Link: https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim Comments: https://news.ycombinator.com/item?id=48111748
- Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim - https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim #hackernews
- Ah, another day, another #CVE nobody asked for. Humans vs. #AI in a race to exploit #Exim, because *obviously* that's what we need - Skynet learning to hack email servers. But hey, at least the buzzwords and pentest pitches are here to save us from the tedium of actual #security work. https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim #Skynet #Hacking #HackerNews #ngated
- Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim #HackerNews #DeadLetter #CVE202645185 #UnauthenticatedRCE #Exim #LLMVsHumans
- Dead.Letter (CVE-2026-45185) - How XBOW found an unauthenticated RCE on Exim https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
- Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
GitHub Repositories (1 repo)
Details
- CVE ID: CVE-2026-45185
- Severity: Critical
- CVSS Score: 9.8
- Status: new
- EPSS: 0.0%
- Social Posts: 11
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H