CVE-2026-48840

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published May 30, 2026

Vendor unknown

Description

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

References

https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1
https://www.openwall.com/lists/oss-security/2026/05/29/3
http://www.openwall.com/lists/oss-security/2026/05/29/3