Exim CVE-2026-45185: Remote Code Execution Flaw Fixed
By Steven | TrustYourWebsite | 2 min read
Source: Security.NL
A serious security flaw has been discovered in Exim, a widely used mail transfer agent (MTA). According to Security.NL, the vulnerability, tracked as CVE-2026-45185, was reported on 15 May 2026 and lets an unauthenticated remote attacker execute code on an affected mail server.
What is the vulnerability?
According to Security.NL, the flaw is a use-after-free in Exim's GnuTLS backend and affects versions 4.97 through 4.99.2. It is triggered while the GnuTLS code handles a TLS connection, so it is reachable before any SMTP authentication by anyone who can open a TLS session to the server (STARTTLS or implicit TLS on the submission port). Exim selects its TLS library at build time: only builds configured with USE_GNUTLS=yes contain the affected code path, and an Exim linked against OpenSSL is not covered by this advisory.
The issue was discovered by security company Xbow, which notes that a GnuTLS build is not an unusual server configuration, so a significant number of mail servers could be exposed. Code execution on the MTA would also give an attacker access to mail passing through it and a foothold for further attacks on the surrounding environment.
Who is affected?
If your business runs its own mail server using Exim with GnuTLS enabled, and the version falls between 4.97 and 4.99.2, your server may be vulnerable. Many small businesses rely on hosted email services rather than self-managed mail servers, but if you or your hosting provider uses Exim, it is worth checking.
What should you do?
Administrators are urged to update to Exim 4.99.3 as soon as possible. If you run Debian, the fix has been backported to the packaged versions, so you do not need to move to 4.99.3 directly:
- Debian stable (trixie): version 4.98.2-1+deb13u2
- Debian oldstable (bookworm): version 4.96-15+deb12u9
Note that these packages keep their upstream version numbers (the bookworm package is even 4.96-based, below the 4.97 to 4.99.2 range quoted above), so on a distribution build judge patch status by the package version, not by the version Exim reports in its banner.
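A quick way to triage a host against the version and backend conditions above, written here as an added example and not taken from the article or from the Exim project: the script parses the text of `exim -bV` to see whether the build reports GnuTLS and an upstream version in the affected range, and maps a Debian codename to the fixed package version listed above. The `exim -bV` line formats it relies on, the constructed sample banners, and the `exim4-base` package name in the commented Debian check are assumptions, not details from the page.

```shell
#!/bin/sh
# Added example, not from the article or from the Exim project: decide from the
# text of `exim -bV` whether a build falls in the affected set for CVE-2026-45185
# (GnuTLS backend, upstream versions 4.97 through 4.99.2).
# Assumed about exim -bV output: a first line "Exim version X.Y.Z #N built ...",
# a "Support for: ..." line that lists GnuTLS or OpenSSL, and on GnuTLS builds a
# "Library version: GnuTLS: Compiled: ... Runtime: ..." line.

# version_in_range X.Y[.Z]: exit 0 when 4.97.0 <= version <= 4.99.2.
version_in_range() {
    maj=$(printf '%s\n' "$1" | cut -d. -f1)
    min=$(printf '%s\n' "$1" | cut -d. -f2)
    pat=$(printf '%s\n' "$1" | cut -d. -f3)
    [ -n "$maj" ] && [ -n "$min" ] || return 1
    [ -n "$pat" ] || pat=0                       # "4.97" means 4.97.0
    case "$maj.$min.$pat" in *[!0-9.]*) return 1 ;; esac
    [ "$maj" -eq 4 ] || return 1
    [ "$min" -ge 97 ] && [ "$min" -le 99 ] || return 1
    if [ "$min" -eq 99 ] && [ "$pat" -gt 2 ]; then return 1; fi
    return 0
}

# classify_exim_bv: read `exim -bV` output on stdin, print one verdict line, and
# exit 0 only for an affected build (GnuTLS backend and version in range).
classify_exim_bv() {
    out=$(cat)
    ver=$(printf '%s\n' "$out" | sed -n 's/^Exim version \([0-9][0-9.]*\).*$/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo 'unknown: no "Exim version" line found'
        return 2
    fi
    # The TLS backend is fixed at build time; an OpenSSL build never runs the GnuTLS code.
    if ! printf '%s\n' "$out" | grep -Eq '^(Support for:.*[[:space:]]GnuTLS([[:space:]]|$)|Library version: GnuTLS)'; then
        echo "not-affected: $ver is not a GnuTLS build"
        return 1
    fi
    if version_in_range "$ver"; then
        echo "affected: $ver built with GnuTLS"
        return 0
    fi
    echo "not-affected: $ver is outside 4.97 to 4.99.2"
    return 1
}

# debian_fixed_version CODENAME: the package version the article names as fixed.
# Distribution packages keep their upstream banner (bookworm's is 4.96-based), so
# on Debian compare the package version rather than trusting classify_exim_bv.
debian_fixed_version() {
    case "$1" in
        trixie)   echo '4.98.2-1+deb13u2' ;;
        bookworm) echo '4.96-15+deb12u9' ;;
        *)        return 1 ;;
    esac
}
# Live Debian check, run by hand (package name exim4-base is an assumption):
#   dpkg --compare-versions "$(dpkg-query -W -f='${Version}' exim4-base)" \
#       ge "$(debian_fixed_version "$(. /etc/os-release; echo "$VERSION_CODENAME")")"

# Constructed sample banners, abbreviated to the lines the parser uses (not real host output).
SAMPLE_GNUTLS_AFFECTED='Exim version 4.98.2 #1 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS DKIM DNSSEC
Library version: GnuTLS: Compiled: 3.8.9 Runtime: 3.8.9'
SAMPLE_OPENSSL='Exim version 4.98.2 #1 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL DKIM DNSSEC
Library version: OpenSSL: Compiled: OpenSSL 3.0.15 Runtime: OpenSSL 3.0.15'
SAMPLE_GNUTLS_FIXED='Exim version 4.99.3 #1 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS DKIM
Library version: GnuTLS: Compiled: 3.8.9 Runtime: 3.8.9'

# On a real host:  exim -bV | classify_exim_bv
# Offline, run the constructed samples so the script demonstrates itself.
for banner in "$SAMPLE_GNUTLS_AFFECTED" "$SAMPLE_OPENSSL" "$SAMPLE_GNUTLS_FIXED"; do
    printf '%s\n' "$banner" | classify_exim_bv || true
done
```

The banner check is only a first pass: a source build with GnuTLS in range is a clear hit, and an OpenSSL build is out of scope, but a Debian host that reports 4.98.2 or 4.96 is patched or not depending on the package revision, which is why the Debian branch compares against the package versions rather than the upstream range.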
If you are unsure whether your hosting provider uses Exim, contact them and ask whether they have applied the fix for CVE-2026-45185. A good hosting provider should be able to confirm this quickly.
For a broader overview of security steps you can take for your online presence, see our security checklist for small businesses.
What does this mean for your website?
If your website or business email runs on a self-managed server using Exim, you should check with your server administrator or hosting provider whether the patch has been applied. A compromised mail server could give attackers access to your business emails, which may include customer data and order information. Keeping your server software up to date is one of the most straightforward ways to reduce this risk.