VYPR
Medium severity6.5NVD Advisory· Published Apr 30, 2026· Updated May 1, 2026

CVE-2026-40685

CVE-2026-40685

Description

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Exim/Exim2 versions
    cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*range: <4.99.2
    • (no CPE)range: <4.99.2

Patches

Vulnerability mechanics

References

4

News mentions

1