PT-2026-40334

Published: 2026-05-12
Updated: 2026-05-12
CVE: CVE-2026-45185
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Exim versions 4.97 through 4.99.2
Description: A use-after-free flaw exists in the BDAT (CHUNKING) SMTP extension when Exim is built with GnuTLS. An unauthenticated attacker can trigger this issue by prematurely terminating a TLS session during a binary data transfer, causing Exim to write data into a buffer that has already been freed. This leads to heap corruption, which can be leveraged to achieve remote code execution.
Recommendations: Upgrade to version 4.99.3.
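As an added check (not part of the advisory), the following Python script compares the version reported by `exim -bV` against the affected range stated above and looks for GnuTLS in the build's support list, since the advisory scopes the flaw to GnuTLS builds. The sample output strings are constructed, and the assumption that `exim -bV` prints an `Exim version X.Y.Z` line and a `Support for:` line is mine, not the advisory's.

```python
"""Check whether an Exim build falls in the range named in PT-2026-40334 / CVE-2026-45185.

Added example, not part of the advisory. It reads `exim -bV` output (stdin) and
reports one of four statuses. The 'Exim version ...' and 'Support for: ...' line
formats are an assumption about Exim's output; the sample outputs are constructed.
"""
import re
import sys
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Range stated in the advisory: 4.97 through 4.99.2 inclusive, fixed in 4.99.3.
AFFECTED_MIN: Version = (4, 97, 0)
AFFECTED_MAX: Version = (4, 99, 2)
FIXED: Version = (4, 99, 3)

# Status values returned by assess()
AFFECTED = "affected"
IN_RANGE_NO_GNUTLS = "in-range-no-gnutls"
NOT_AFFECTED = "not-affected"
UNKNOWN = "unknown"


def parse_version(output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from an 'Exim version 4.99.2 #1 ...' line; patch defaults to 0."""
    m = re.search(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", output, re.MULTILINE)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def built_with_gnutls(output: str) -> bool:
    """True if the 'Support for:' line (assumed format) lists GnuTLS."""
    m = re.search(r"^Support for:(.*)$", output, re.MULTILINE)
    return m is not None and "GnuTLS" in m.group(1)


def in_affected_range(v: Version) -> bool:
    """Tuple comparison gives the usual numeric ordering of major.minor.patch."""
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def fmt(v: Version) -> str:
    """Render 4.97.0 as '4.97' and 4.99.2 as '4.99.2', matching the advisory's style."""
    return f"{v[0]}.{v[1]}" if v[2] == 0 else f"{v[0]}.{v[1]}.{v[2]}"


def assess(output: str) -> str:
    """Classify an `exim -bV` dump against the advisory's affected range and GnuTLS condition."""
    v = parse_version(output)
    if v is None:
        return UNKNOWN
    if not in_affected_range(v):
        return NOT_AFFECTED
    if not built_with_gnutls(output):
        # Version is in range but the build does not report GnuTLS: review manually.
        return IN_RANGE_NO_GNUTLS
    return AFFECTED


def report(output: str) -> str:
    """Human-readable one-liner for the status."""
    status = assess(output)
    v = parse_version(output)
    label = fmt(v) if v else "?"
    messages = {
        UNKNOWN: "unknown: no 'Exim version' line found in input",
        NOT_AFFECTED: f"not affected: Exim {label} is outside {fmt(AFFECTED_MIN)}..{fmt(AFFECTED_MAX)}",
        IN_RANGE_NO_GNUTLS: f"review: Exim {label} is in range but the build does not report GnuTLS",
        AFFECTED: f"AFFECTED: Exim {label} built with GnuTLS; upgrade to {fmt(FIXED)}",
    }
    return messages[status]


# Constructed sample outputs (not captured from real systems).
SAMPLE_AFFECTED = (
    "Exim version 4.99.2 #1 built 01-May-2026 12:00:00\n"
    "Support for: crypteq iconv() IPv6 GnuTLS DKIM DANE\n"
)
SAMPLE_OPENSSL = (
    "Exim version 4.98 #2 built 01-May-2026 12:00:00\n"
    "Support for: crypteq iconv() IPv6 OpenSSL DKIM DANE\n"
)
SAMPLE_FIXED = (
    "Exim version 4.99.3 #1 built 20-May-2026 12:00:00\n"
    "Support for: crypteq iconv() IPv6 GnuTLS DKIM DANE\n"
)

if __name__ == "__main__":
    # Usage: exim -bV | python3 check_exim.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AFFECTED
    print(report(data))
```

Running it against a real host is `exim -bV | python3 check_exim.py`; with no piped input it evaluates the constructed affected sample so the script demonstrates itself.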

Tags: Fix, DoS, RCE, Use After Free

Weakness Enumeration
Related Identifiers: CVE-2026-45185
Affected Products: Exim, Gnutls