New Critical Exim Mailer Flaw Allows Remote Code Execution

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]

New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code

A critical vulnerability in the widely used Exim mail server allows unauthenticated attackers to execute arbitrary code and fully compromise exposed servers. Federico Kirschbaum, head of the Security Lab at XBOW, discovered and reported the issue, which has been dubbed Dead.Letter. The vulnerability carries a massive CVSS severity score of 9.8, making it one of […] The post New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Cod…

Exim BDAT Vulnerability Patch Released For CVE-2026

A newly revealed Exim BDAT vulnerability is affecting some email server setups that use Exim as their Mail Transfer Agent (MTA), prompting security attention due to its severity. Tracked as CVE-2026-45185 with a CVSS score of 9.8 and internally referred to as “Dead.Letter,” the issue is classified as a remote use-after-free vulnerability that can lead to memory corruption and potentially code execution under specific conditions involving GnuTLS.…

New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks

A serious security flaw has been found in Exim, one of the most widely deployed mail transfer agents on the internet today. The vulnerability, tracked as EXIM-Security-2026-05-01.1, allows a remote attacker to corrupt server memory and potentially execute malicious code without needing any special privileges or credentials. It was publicly disclosed on May 12, 2026, following a coordinated responsible disclosure process that began in early May. …