CVE-2026-40686
Status: Received - Intake
Out-of-Bounds Read in Exim with UTF-8 Header Handling

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: MITRE

Description
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-05-07
AI Q&A
2026-05-01
EPSS Evaluated
2026-05-05
NVD
Affected Vendors & Products
Showing 1 associated CPE

Vendor   Product   Version / Range
exim     exim      all versions before 4.99.2 (4.99.2 itself excluded)
Helpful Resources
CWE ID    Description
CWE-125   The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Exim versions before 4.99.2 when UTF-8 operators are enabled. It involves an out-of-bounds read triggered by the presence of large malformed UTF-8 trailing characters in email header data. This flaw can cause information to be inadvertently revealed within error messages generated during the processing of unrelated email messages.


How can this vulnerability impact me?

The impact of this vulnerability is limited to information disclosure. Specifically, sensitive information might be exposed through error messages caused by the out-of-bounds read when handling malformed UTF-8 data in email headers. The CVSS score indicates a low severity with a base score of 3.7, meaning the vulnerability requires network access with high attack complexity and does not allow privilege escalation or denial of service.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability in Exim before version 4.99.2 can lead to information disclosure through error messages when handling malformed UTF-8 header data. Such unintended information leakage could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized disclosure.

However, the CVE description does not provide explicit details on the nature or sensitivity of the information disclosed, nor does it specify the extent to which this vulnerability affects compliance with these standards.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability occurs in Exim versions before 4.99.2 when UTF-8 operators are enabled and malformed UTF-8 header data with large trailing characters is processed. Detection therefore starts with two checks: whether the installed Exim is older than 4.99.2, and whether your Exim configuration applies UTF-8 operations to externally provided input such as message headers.

Since the vulnerability causes an out-of-bounds read that may produce error messages revealing information, monitoring Exim logs for unusual error messages related to UTF-8 processing could help detect exploitation attempts.

Specific commands to detect this vulnerability are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Exim to version 4.99.2 or later, which addresses this vulnerability along with others.

If upgrading immediately is not possible, consider disabling UTF-8 operators in your Exim configuration to prevent processing of malformed UTF-8 header data.

Additionally, monitor your mail server logs for suspicious error messages that might indicate exploitation attempts.
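As an added example, not taken from this CVE record or from the Exim project, the following POSIX shell script combines the detection and mitigation answers above: it classifies an Exim build from its `exim -bV` output (version below 4.99.2, and whether I18N support is compiled in) and lists configuration lines that use a `${utf8...:}` expansion operator. It assumes that "utf8 operators" in the record corresponds to Exim's I18N build support, which `exim -bV` reports as `I18N` on its `Support for:` line, together with the `${utf8clean:}` and `${utf8_*_alabel:}` operators in the run-time configuration. The `exim -bV` outputs and the configuration fragment are constructed samples, not captures from a real host.

```shell
# Added example; not part of the CVE record or of Exim itself.
# Assumption: "utf8 operators" means an Exim build with I18N support ("I18N" on
# the "Support for:" line of `exim -bV`) plus ${utf8...:} operators in the config.

FIXED_VERSION="4.99.2"   # first release the record lists as not affected

# version_lt A B: succeed when dotted version A sorts before B numerically
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# exim_exposure "<exim -bV output>": print one classification
#   vulnerable-build  version < 4.99.2 and I18N compiled in
#   old-no-i18n       version < 4.99.2 but built without I18N (no utf8 operators)
#   fixed             version >= 4.99.2
#   unknown           no "Exim version" line found in the input
exim_exposure() {
    bv="$1"
    ver=$(printf '%s\n' "$bv" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        if printf '%s\n' "$bv" | grep '^Support for:' | grep -qw 'I18N'; then
            echo "vulnerable-build"
        else
            echo "old-no-i18n"
        fi
    else
        echo "fixed"
    fi
}

# utf8_operator_lines "<config text>": print, with line numbers, every line that
# uses a ${utf8...:} expansion operator (utf8clean, utf8_domain_to_alabel, ...)
utf8_operator_lines() {
    printf '%s\n' "$1" | grep -n '\${utf8[a-z_]*:' || true
}

# utf8_operator_count "<config text>": how many such lines (0 when none)
utf8_operator_count() {
    utf8_operator_lines "$1" | grep -c . || true
}

# Constructed sample `exim -bV` output for an affected build (not a real capture)
SAMPLE_BV_OLD='Exim version 4.98.1 #2 built 01-Jan-2026 00:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC Event OCSP PRDR I18N
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm'

# Constructed sample for an old build compiled without I18N
SAMPLE_BV_OLD_NO_I18N='Exim version 4.98.1 #2 built 01-Jan-2026 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC'

# Constructed sample for a build at the fixed version
SAMPLE_BV_FIXED='Exim version 4.99.2 #1 built 01-May-2026 00:00:00
Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC Event OCSP PRDR I18N'

# Constructed configuration fragment that applies utf8 operators to message data
SAMPLE_CONFIG='# constructed Exim configuration fragment
smtputf8_advertise_hosts = *
acl_check_rcpt:
  deny  message   = sender domain does not convert
        condition = ${if eq{${utf8_domain_to_alabel:$sender_address_domain}}{}{yes}{no}}
  warn  logwrite  = subject: ${utf8clean:$h_subject:}
  accept'

# Stand-alone run over the constructed samples
for s in "$SAMPLE_BV_OLD" "$SAMPLE_BV_OLD_NO_I18N" "$SAMPLE_BV_FIXED"; do
    echo "build: $(exim_exposure "$s")"
done
echo "config lines using utf8 operators: $(utf8_operator_count "$SAMPLE_CONFIG")"
utf8_operator_lines "$SAMPLE_CONFIG"
```

On a real host, feed `exim_exposure "$(exim -bV)"` and `utf8_operator_lines "$(cat /etc/exim4/exim4.conf.template)"` (or whichever configuration file the installation uses). A build reported as `vulnerable-build` with one or more operator lines is the case the record describes; `old-no-i18n` still warrants the upgrade, since the fixed release addresses other issues too.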

