By vendor
Exim vulnerabilities
Known CVEs affecting Exim products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-48840MEDIUM 5.3
Exim versions 4.88 through 4.99.3 contain a memory disclosure vulnerability when deployed in certain proxy configurations. The flaw allows unauthenticated remote attackers to craft short payloads that cause the mail server to leak uninitialized stack memory back to the client. This is a confidentiality issue—an attacker gains access to sensitive data that may be in memory, but cannot modify email systems or cause service disruption directly.