Exim CVE-2026-45185: Remote Code Execution Flaw Fixed

By Steven | TrustYourWebsite | 2 min read

Source: Security.NL

A serious security flaw has been discovered in Exim, a widely used mail server application. According to Security.NL, the vulnerability (CVE-2026-45185) was reported on 15 May 2026 and allows an unauthenticated attacker to remotely execute code on an affected mail server.

What is the vulnerability?

According to Security.NL, the flaw is a use-after-free vulnerability in the GnuTLS backend of Exim. It affects versions 4.97 through 4.99.2. The vulnerability is triggered when GnuTLS processes a TLS connection and the configuration USE_GNUTLS=yes is enabled on the server.

The issue was discovered by security company Xbow. According to Xbow, this is not an unusual server configuration, meaning a significant number of mail servers could be at risk. Beyond executing code, attackers could potentially gain access to email and carry out further attacks against the affected environment.

Who is affected?

If your business runs its own mail server using Exim with GnuTLS enabled, and the version falls between 4.97 and 4.99.2, your server may be vulnerable. Many small businesses rely on hosted email services rather than self-managed mail servers, but if you or your hosting provider uses Exim, it is worth checking.

What should you do?

Administrators are urged to update to Exim version 4.99.3 as soon as possible. If you are running Debian, backported fixes are available without needing to upgrade to version 4.99.3 directly:

  • Debian stable (trixie): version 4.98.2-1+deb13u2
  • Debian oldstable (bookworm): version 4.96-15+deb12u9

If you are unsure whether your hosting provider uses Exim, contact them and ask whether they have applied the fix for CVE-2026-45185. A good hosting provider should be able to confirm this quickly.
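The two facts an administrator needs from the steps above are the running Exim version and whether that build uses the GnuTLS backend; both appear in the output of `exim -bV`. The script below is an added example, written for this page and not taken from the article, Security.NL, Xbow or the Exim project. It parses a captured copy of that output and reports whether the host sits in the 4.97 through 4.99.2 range with GnuTLS. It assumes that the first output line begins with "Exim version X.Y.Z" and that a GnuTLS build names GnuTLS on its "Support for:" line; the sample outputs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article, Security.NL, Xbow or the Exim project):
# decide from the text that `exim -bV` prints whether a host falls into the
# range the article names (4.97 through 4.99.2) AND is a GnuTLS build.
# Assumptions: the first line of `exim -bV` starts with "Exim version X.Y.Z",
# and a GnuTLS build lists "GnuTLS" on its "Support for:" line.

# Exit 0 when a dotted upstream version lies in 4.97 .. 4.99.2 inclusive.
# A missing third component is treated as 0 ("4.97" == "4.97.0").
exim_version_vulnerable() {
  ver="$1"
  major=${ver%%.*}
  rest=${ver#*.}
  [ "$rest" = "$ver" ] && rest=""        # no dot at all: no minor component
  minor=${rest%%.*}
  patch=${rest#*.}
  [ "$patch" = "$rest" ] && patch=0      # no second dot: no patch component
  [ -n "$minor" ] || return 1
  case "$major$minor$patch" in *[!0-9]*) return 1 ;; esac   # non-numeric: not in range
  [ "$major" -eq 4 ] || return 1
  if [ "$minor" -eq 97 ] || [ "$minor" -eq 98 ]; then return 0; fi
  if [ "$minor" -eq 99 ] && [ "$patch" -le 2 ]; then return 0; fi
  return 1
}

# Print one verdict for a captured `exim -bV` text:
#   not-gnutls     built against another TLS library, outside this CVE's trigger
#   vulnerable     GnuTLS build at 4.97 .. 4.99.2 (upstream numbering)
#   fixed-version  GnuTLS build outside that range (e.g. 4.99.3)
#   unknown        no recognisable version line
exim_assess() {
  bv="$1"
  ver=$(printf '%s\n' "$bv" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
  if [ -z "$ver" ]; then echo unknown; return 0; fi
  if ! printf '%s\n' "$bv" | grep -q '^Support for:.*GnuTLS'; then
    echo not-gnutls; return 0
  fi
  if exim_version_vulnerable "$ver"; then echo vulnerable; else echo fixed-version; fi
}

# Constructed sample outputs in the shape of `exim -bV` (not captured from real hosts).
SAMPLE_GNUTLS='Exim version 4.98.2 #2 built 01-Jan-2026 12:00:00
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC
Library version: GnuTLS: Compile: 3.8.0  Runtime: 3.8.0'

SAMPLE_OPENSSL='Exim version 4.98.2 #2 built 01-Jan-2026 12:00:00
Support for: crypteq iconv() IPv6 OpenSSL DKIM DNSSEC
Library version: OpenSSL: Compile: OpenSSL 3.0.0  Runtime: OpenSSL 3.0.0'

SAMPLE_FIXED='Exim version 4.99.3 #1 built 20-May-2026 09:00:00
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC
Library version: GnuTLS: Compile: 3.8.0  Runtime: 3.8.0'

# Stand-alone demo over the samples; on a real host pass "$(exim -bV)" instead.
for s in "$SAMPLE_GNUTLS" "$SAMPLE_OPENSSL" "$SAMPLE_FIXED"; do
  printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(exim_assess "$s")"
done
```

One caveat for the Debian packages listed above: a backported fix leaves the upstream version string unchanged, so `exim -bV` on a patched trixie host still reports 4.98.2 and the script prints "vulnerable". On Debian, compare the package revision instead, for example `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' exim4-base)" ge 4.98.2-1+deb13u2` on trixie (and `4.96-15+deb12u9` on bookworm), which exits 0 once the fixed revision or later is installed.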

For a broader overview of security steps you can take for your online presence, see our security checklist for small businesses.

What does this mean for your website?

If your website or business email runs on a self-managed server using Exim, you should check with your server administrator or hosting provider whether the patch has been applied. A compromised mail server could give attackers access to your business emails, which may include customer data and order information. Keeping your server software up to date is one of the most straightforward ways to reduce this risk.
