Exim CVE-2026-45185 Vulnerability: CERT-FR Advisory
By Steven | TrustYourWebsite | 2 min read
Source: CERT-FR
French cybersecurity agency CERT-FR has published an advisory warning of a vulnerability in Exim, a widely used mail transfer agent. According to CERT-FR, advisory CERTFR-2026-AVI-0589 was published on 13 May 2026 and covers a security flaw tracked as CVE-2026-45185.
What is affected?
According to CERT-FR, the vulnerability affects Exim versions 4.97 and later, up to but not including version 4.99.3. The nature of the risk has not been specified by the vendor, meaning the exact impact of a successful attack is not publicly detailed at this time.
What do we know about the risk?
According to CERT-FR, the vulnerability allows an attacker to cause an unspecified security issue. Because the vendor has not described the risk in detail, it is not currently possible to say precisely what an attacker could do if they exploited this flaw. That uncertainty is itself a reason to act promptly rather than wait for more information.
What should you do?
CERT-FR directs users to apply the patches referenced in the Exim security bulletin Security-2026-05-01.1, dated 12 May 2026. If your website, hosting environment or email setup runs on a server that uses Exim, you or your hosting provider should check whether the software is running an affected version and apply the relevant patches as described in that bulletin.
If you are unsure whether your setup uses Exim, the simplest step is to contact your hosting provider and ask them directly. Many small business websites run on managed hosting where the provider handles server software, but it is always worth confirming.
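If you administer the server yourself, the version check described above can be scripted. The following is an added example, not code from CERT-FR or the Exim project; it assumes the binary is on the PATH as `exim` or `exim4` and uses a constructed sample of the first line that `exim -bV` prints.

```shell
#!/bin/sh
# Added example: classify an Exim version against the range CERT-FR gives
# (4.97 and later, up to but not including 4.99.3).

# Constructed sample of the first line `exim -bV` prints (not real output).
SAMPLE_BANNER='Exim version 4.98 #2 built 01-Jan-2026 00:00:00'

# Read `exim -bV` output on stdin, print the upstream version number.
parse_exim_version() {
    sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Turn "major.minor[.patch]" into one integer; missing parts count as 0.
version_key() {
    echo "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }'
}

# Print "affected", "not-in-range" or "unknown" for a version string.
exim_status() {
    case $1 in
        # Reject empty input and anything that is not digits and single dots.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    key=$(version_key "$1")
    if [ "$key" -ge "$(version_key 4.97)" ] && [ "$key" -lt "$(version_key 4.99.3)" ]; then
        echo affected
    else
        echo not-in-range
    fi
}

# Check the sample, then any local binary (names exim/exim4 are assumptions).
echo "sample: $(exim_status "$(printf '%s\n' "$SAMPLE_BANNER" | parse_exim_version)")"
for bin in exim exim4; do
    command -v "$bin" >/dev/null 2>&1 || continue
    ver=$("$bin" -bV 2>/dev/null | parse_exim_version)
    echo "$bin $ver: $(exim_status "$ver")"
    break
done
```

Distribution packages sometimes carry backported fixes under an unchanged upstream version number, so an "affected" result is a prompt to check the package changelog against the Exim bulletin, not a final verdict.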
For a broader look at keeping your website secure, our security checklist for small businesses is a good starting point. If you use WordPress, it is also worth reviewing our guide on vulnerable plugins, as outdated software of any kind can create similar risks.
What does this mean for your website?
If your website or business email is hosted on a server running Exim version 4.97 or later but earlier than 4.99.3, your setup may be affected by this vulnerability. Contact your hosting provider to confirm which version of Exim is in use and ask them to apply the patches from the Exim security bulletin Security-2026-05-01.1. Keeping server software up to date is one of the most straightforward ways to reduce security risk for your business.