In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
https://nvd.nist.gov/vuln/detail/CVE-2026-40685
Exim CVE-2026-40685
-
Starburst-David
- Posts: 53
- Joined: Wed Feb 11, 2026 8:31 pm