CVE-2026-40686
Received Received - Intake
Out-of-Bounds Read in Exim with UTF-8 Header Handling

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: MITRE

Description
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40686
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
exim exim to 4.99.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Exim versions before 4.99.2 when UTF-8 operators are enabled. It involves an out-of-bounds read triggered by the presence of large malformed UTF-8 trailing characters in email header data. This flaw can cause information to be inadvertently revealed within error messages generated during the processing of unrelated email messages.

Impact Analysis

The impact of this vulnerability is limited to information disclosure. Specifically, sensitive information might be exposed through error messages caused by the out-of-bounds read when handling malformed UTF-8 data in email headers. The CVSS score indicates a low severity with a base score of 3.7, meaning the vulnerability requires network access with high attack complexity and does not allow privilege escalation or denial of service.

Compliance Impact

This vulnerability in Exim before version 4.99.2 can lead to information disclosure through error messages when handling malformed UTF-8 header data. Such unintended information leakage could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized disclosure.

However, the CVE description does not provide explicit details on the nature or sensitivity of the information disclosed, nor does it specify the extent to which this vulnerability affects compliance with these standards.

Detection Guidance

This vulnerability occurs in Exim versions before 4.99.2 when UTF-8 operators are enabled and malformed UTF-8 header data with large trailing characters is processed. Detection involves checking if your Exim configuration uses UTF-8 operations on externally-provided input.

Since the vulnerability causes an out-of-bounds read that may produce error messages revealing information, monitoring Exim logs for unusual error messages related to UTF-8 processing could help detect exploitation attempts.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade Exim to version 4.99.2 or later, which addresses this vulnerability along with others.

If upgrading immediately is not possible, consider disabling UTF-8 operators in your Exim configuration to prevent processing of malformed UTF-8 header data.

Additionally, monitor your mail server logs for suspicious error messages that might indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40686. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart