Exim security patch release for CVE-2026-45185
Security Patch Release
Summary
Exim released version 4.99.3 to fix CVE-2026-45185, closing a remote-code-execution risk in affected mail servers. The patch applies to Exim versions before 4.99.3 that use GnuTLS with STARTTLS and CHUNKING enabled. The vulnerability is exploitable without authentication and could let a remote attacker execute arbitrary code. Administrators on Ubuntu and Debian-based systems should install the updated package through their package managers.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
CPanel security patch release for CVE-2026-29201
Security Patch Release
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
SolarWinds security patch release for CVE-2025-40538
Security Patch Release
First: 25.02.2026 09:04
Last: 25.02.2026 09:04
Sources 1
About this happening:
**SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
Timeline
13.05.2026 23:23 · 1 article
XBOW reports CVE-2026-45185 to Exim maintainers
Initial Disclosure: XBOW reports the CVE-2026-45185 vulnerability to the Exim maintainers on May 1st after identifying a critical use-after-free flaw in Exim builds that use GnuTLS during TLS shutdown while handling BDAT chunked SMTP traffic.
Sources:
- New critical Exim mailer flaw allows remote code execution — www.bleepingcomputer.com — 13.05.2026 23:23
13.05.2026 23:23 · 1 article
Exim maintainers acknowledge the CVE-2026-45185 report
Untyped Phase: Exim maintainers acknowledge the CVE-2026-45185 report on May 5th, continuing the disclosure process for a critical Exim flaw that can enable unauthenticated remote code execution on affected GnuTLS-based builds.
Sources:
- New critical Exim mailer flaw allows remote code execution — www.bleepingcomputer.com — 13.05.2026 23:23
13.05.2026 23:23 · 1 article
Impacted Linux distributions are notified about CVE-2026-45185
Campaign Scope Update: Impacted Linux distributions are notified three days after the maintainer acknowledgment so downstream package maintainers can prepare Exim updates for affected GnuTLS builds with STARTTLS and CHUNKING advertised.
Sources:
- New critical Exim mailer flaw allows remote code execution — www.bleepingcomputer.com — 13.05.2026 23:23
13.05.2026 23:23 · 2 articles
Public disclosure details CVE-2026-45185 and the Exim 4.99.3 fix
Technical Analysis Update: Public reporting identifies CVE-2026-45185 as a critical Exim use-after-free flaw in versions 4.97 through 4.99.2 on GnuTLS builds with STARTTLS and CHUNKING advertised, notes that OpenSSL-based builds are not affected, and states that Exim version 4.99.3 fixes the issue.
Sources:
- New critical Exim mailer flaw allows remote code execution — www.bleepingcomputer.com — 13.05.2026 23:23
- New critical Exim mailer flaw allows remote code execution — www.bleepingcomputer.com — 13.05.2026 23:23