Critical severity, 9.8 (NVD Advisory) · Published May 12, 2026 · Updated May 28, 2026
CVE-2026-45185
Description
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
References
- www.openwall.com/lists/oss-security/2026/05/12/25 (NVD: Mailing List, Third Party Advisory)
- code.exim.org/exim/wiki/wiki/EximSecurity (NVD: Vendor Advisory)
- www.openwall.com/lists/oss-security/2026/05/12/4 (NVD: Mailing List, Third Party Advisory)
- xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim (NVD: Third Party Advisory)
- exim.org (NVD: Product)
- exim.org/static/doc/security/CVE-2026-45185.txt (NVD: Broken Link)
- exim.org/static/doc/security/EXIM-Security-2026-05-01.1/ (NVD: Release Notes)
- news.ycombinator.com/item (NVD: Issue Tracking)
News mentions
- Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News, May 18, 2026)
- New critical Exim mailer flaw allows remote code execution (BleepingComputer, May 13, 2026)
- New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution (The Hacker News, May 12, 2026)