Exim BDAT Vulnerability (CVE-2026-45185) Exposes GnuTLS Builds to RCE

Exim has issued critical security updates to address a severe vulnerability, tracked as CVE-2026-45185 and dubbed “Dead.Letter.” This use-after-free flaw affects specific Exim configurations, potentially leading to memory corruption and remote code execution (RCE).

According to The Hacker News, this issue primarily impacts Exim Mail Transfer Agents (MTAs) compiled with GnuTLS. Exim, an open-source MTA widely used on Unix-like systems for email handling, is a critical component in countless network infrastructures. An attacker successfully exploiting this vulnerability could gain significant control, disrupting email services or leveraging the compromise for deeper network penetration.

Defenders must prioritize patching. The attacker’s calculus here is straightforward: email infrastructure is a high-value target. A successful RCE on an MTA grants access to sensitive communications and often provides a foothold into the internal network. This isn’t just about email disruption; it’s about a clear path to data exfiltration and lateral movement.

What This Means For You

  • If your organization runs Exim, especially if compiled with GnuTLS, you need to identify and patch all affected systems immediately. This isn't a theoretical risk; it's a direct path to remote code execution. Verify your Exim version and GnuTLS compilation status. Do not delay.
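One way to carry out the version and GnuTLS check described above, as an added example (not code from Exim or from this article). It parses the text printed by `exim -bV`; the sample output is constructed, and the fixed release is a parameter you take from the vendor advisory, since this article does not state it.

```shell
#!/bin/sh
# Classify an Exim build from the text printed by `exim -bV`.

# Constructed sample of `exim -bV` output (abridged, not from a real host).
SAMPLE_BV='Exim version 4.96 #2 built 01-Jan-2024 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS DANE DKIM DNSSEC Event OCSP PRDR
Configuration file is /etc/exim4/exim4.conf'

# Print the version field of the "Exim version X.Y ..." banner line.
exim_version() {
    printf '%s\n' "$1" | awk '/^Exim version /{print $3; exit}'
}

# Print which TLS library is named on the "Support for:" line.
exim_tls_lib() {
    printf '%s\n' "$1" | awk '
        /^Support for:/ {
            for (i = 3; i <= NF; i++) {
                if ($i == "GnuTLS")  { print "gnutls";  found = 1; exit }
                if ($i == "OpenSSL") { print "openssl"; found = 1; exit }
            }
        }
        END { if (!found) print "none" }'
}

# $1 = `exim -bV` text, $2 = fixed release from the vendor advisory (optional).
# Returns 0 when no action is indicated, 1 when the host needs attention,
# 2 when the input does not look like `exim -bV` output.
exim_triage() {
    ver=$(exim_version "$1"); tls=$(exim_tls_lib "$1")
    if [ -z "$ver" ]; then echo "unknown: no version banner"; return 2; fi
    if [ "$tls" != "gnutls" ]; then
        echo "exim $ver tls=$tls: not a GnuTLS build"; return 0
    fi
    if [ -z "$2" ]; then
        echo "exim $ver tls=gnutls: compare with the advisory"; return 1
    fi
    # sort -V (GNU coreutils) orders version strings; the lowest comes first.
    lowest=$(printf '%s\n%s\n' "$ver" "$2" | sort -V | head -n 1)
    if [ "$ver" != "$2" ] && [ "$lowest" = "$ver" ]; then
        echo "exim $ver tls=gnutls: older than $2, patch"; return 1
    fi
    echo "exim $ver tls=gnutls: at or above $2"; return 0
}

# On a mail host: exim_triage "$(exim -bV 2>/dev/null)" "<fixed-version>"
exim_triage "$SAMPLE_BV" || true
```

Distribution packages may backport the fix without changing the upstream version string, so treat the version comparison as a first pass and confirm against your distribution's advisory.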

Indicators of Compromise

ID | Type | Indicator
CVE-2026-45185 | RCE | Exim Mail Transfer Agent (MTA) with GnuTLS builds
CVE-2026-45185 | Memory Corruption | Exim Mail Transfer Agent (MTA) with GnuTLS builds
CVE-2026-45185 | Use After Free | Exim Mail Transfer Agent (MTA) related to BDAT command processing