← back
CVE-2026-40687

CVE-2026-40687

CVSS 4.8 MEDIUMEPSS 0.4%CWE-909
In short

Exim email server has a flaw in its SPA authentication method that can crash connections or leak sensitive data from memory when processing specially crafted authentication requests.

Technical detail

An out-of-bounds write vulnerability exists in Exim's SPA authentication driver (CWE-909) when processing adversarial SPA resources, enabling denial of service via connection crash or information disclosure through uninitialized heap memory access. Exploitation requires sending a malformed SPA authentication request to an Exim instance configured with SPA driver enabled.

Summary generated and translated by AI from the official description.
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
Exim · Exim

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessmenthttps://exim.org/static/doc/security/CVE-2026-40687.txthttps://www.openwall.com/lists/oss-security/2026/04/30/21