Security · 2h ago
Critical Exim RCE Flaw Allows Unauthenticated Attacks on Mail Servers
CVE-2026-45185 is a use-after-free vulnerability in Exim's BDAT parsing when using GnuTLS, affecting versions 4.97 to 4.99.2. Remote unauthenticated attackers can achieve code execution by sending a crafted email. The flaw was exploited using AI-assisted development, lowering the barrier for copycat attacks.
Meridian48 take
This is the second AI-assisted zero-day this week, underscoring how AI is accelerating exploit development — patching Exim immediately is critical.
Read the full reporting
Exim CVE-2026-45185 — Unauthenticated RCE in the World's Most Deployed Mail Server →
DEV Community
eximcve-2026-45185