Critical Alert 1 Active Exploit Detected Today

CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-45185NVD

Vulnerability Summary

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
Severity Level
CRITICAL(9.8)
Published Date
May 12, 2026
Last Modified
May 28, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
1.23%Probability
Root Weakness (CWE)
Refer to the official MITRE database for detailed architectural specifications regarding this weakness.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh