Out-of-bounds write in Exim - CVE-2026-40685

Published: May 7, 2026
Vulnerability identifier: #VU130455
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-40685
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Exim
Software vendor: Exim

Description

The vulnerability allows a remote attacker to cause memory corruption.

The vulnerability exists due to out-of-bounds read/write in json operators when processing invalid externally-provided input in headers. A remote attacker can supply corrupt JSON data to cause memory corruption.

The issue affects configurations that use json operators on externally provided input.
Remediation

Install security update from vendor's website.