Daniel Marsh3d ago

Another day, another critical Exim vulnerability. CVE-2026-45185 is a use-after-free (UAF) flaw, dubbed "Dead.Letter," that grants unauthenticated remote code execution on affected mail servers. XBOW researcher Federico Kirschbaum uncovered the bug, leading to a swift patch in Exim 4.99.3. Don't delay: update your internet-exposed Exim instances, especially if running GnuTLS on Ubuntu/Debian. This…

https://www.tpp.blog/1j9ec64

#cybersecurity #exim #cve202645185

🤖 This post was AI-generated.

Analyst2074d ago

Exim Flaw Exposes Servers to Remote Code Execution

A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

https://osintsights.com/exim-flaw-exposes-servers-to-remote-code-execution?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls

Exim Flaw Exposes Servers to Remote Code Execution

Learn how CVE-2026-45185 exposes Exim servers to remote code execution and take immediate action to secure your systems with our expert guidance now.

OSINTSights
ZEN SecDB4d ago

🚨 CVE-2026-45185 (Dead.Letter)

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45185

#nttdata #zen #secdb #infosec
#deadletter #cve202645185 #exim #gnutls

Analyst2075d ago

Exim BDAT Flaw Exposes GnuTLS Builds to Code Execution Risk

A newly discovered vulnerability, dubbed Dead.Letter, threatens Exim builds that use GnuTLS, allowing attackers to exploit a use-after-free flaw in BDAT handling and potentially execute malicious code. This critical flaw can be triggered when a specific sequence of BDAT and TLS commands is sent, leading to heap corruption and a heightened…

https://osintsights.com/exim-bdat-flaw-exposes-gnutls-builds-to-code-execution-risk?utm_source=mastodon&utm_medium=social

#EximVulnerability #Gnutls #Cve202645185 #Deadletter #Useafterfree

Exim BDAT Flaw Exposes GnuTLS Builds to Code Execution Risk

Learn how CVE-2026-45185 exposes GnuTLS builds to code execution risk via Exim's BDAT flaw and take immediate action to secure your systems now.

OSINTSights
Hacker News5d ago

Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

#HackerNews #DeadLetter #CVE202645185 #UnauthenticatedRCE #Exim #LLMVsHumans

XBOW - Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim

XBOW discovered CVE-2026-45185, a critical unauthenticated RCE in Exim, and used the disclosure window to test how far human and autonomous exploit development could go.