PT-2025-7615

Oscar Bataille · Published 2025-02-21 · Updated 2025-12-18

CVE-2025-26794

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Exim versions 4.98 through 4.98.0
Description: The issue allows remote SQL injection when SQLite hints and ETRN serialization are used. A remote attacker could perform SQL injection, possibly stealing sensitive data or crashing the server. The vulnerability exists in Exim version 4.98 only when these specific configurations are in use, namely SQLite-backed hints databases together with ETRN serialization.
Recommendations: Update to Exim version 4.98.1 or later to prevent exploitation and safeguard data. As a temporary workaround, consider disabling the use of SQLite hints and ETRN serialization until a patch is available. Restrict access to the Exim mail transfer agent to minimize the risk of exploitation.

Exploit · Fix

Weakness Enumeration: SQL injection

Related Identifiers:

BDU:2025-01904
CVE-2025-26794
EXIM_CVE_2025_26794
OPENSUSE-SU-2025:14935-1

Affected Products:

Astra Linux
Exim
Red Os