CVE-2026-45185

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published May 12, 2026

Vendor unknown

Description

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

References

https://code.exim.org/exim/wiki/wiki/EximSecurity
https://exim.org
https://exim.org/static/doc/security/CVE-2026-45185.txt
https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
https://news.ycombinator.com/item?id=48111748