Exim CVE-2026-40687
Posted: Fri May 15, 2026 10:04 pm
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
https://nvd.nist.gov/vuln/detail/CVE-2026-40687
https://nvd.nist.gov/vuln/detail/CVE-2026-40687