Critical severity (CVSS 9.8) · NVD Advisory · Published May 12, 2026 · Updated May 13, 2026
CVE-2026-45185
Description
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
Patches
No patches discovered yet.
References
- www.openwall.com/lists/oss-security/2026/05/12/25
- code.exim.org/exim/wiki/wiki/EximSecurity
- exim.org
- exim.org/static/doc/security/CVE-2026-45185.txt
- exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
- news.ycombinator.com/item
- www.openwall.com/lists/oss-security/2026/05/12/4
- xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
News mentions
- New critical Exim mailer flaw allows remote code execution (BleepingComputer · May 13, 2026)
- New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution (The Hacker News · May 12, 2026)