CVE-2026-40687
Out-of-Bounds Write in Exim with SPA Authentication
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| exim | exim | all versions before 4.99.2 (4.99.2 itself is not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-909 | The product does not initialize a critical resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me?
A remote client that triggers the flaw through the SPA authentication driver can crash the Exim process handling its connection, which is a denial of service for that connection. Alternatively the process may carry on working with data read from uninitialized heap memory, so whatever that memory held (in a mail server process this can include fragments of earlier messages or credentials) may be disclosed.
Can you explain this vulnerability to me?
This vulnerability exists in Exim versions before 4.99.2 when the SPA authentication driver is in use. A malicious SPA resource can trigger an out-of-bounds write, which may crash the process handling that connection or cause erroneous data processing that leads to disclosure of data from uninitialized heap memory. The assigned weakness is CWE-909 (missing initialization of a resource): memory is used before it has been initialized, and the uninitialized contents drive the later write and the leak.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The information leak from uninitialized heap memory could expose personal data or protected health information passing through the mail server, which is the kind of data that GDPR and HIPAA require organizations to safeguard.
The crash affects only the Exim process serving one connection, not the whole daemon, so the denial-of-service side is contained. The leak is bounded by what happens to be in uninitialized heap memory, but freed heap in a mail process can still hold parts of earlier messages or credentials, so its scope should not be assumed to be small.
Organizations running vulnerable versions of Exim with the SPA authentication driver should record this risk in their compliance assessments and apply the fix to remove the exposure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The condition to look for is an Exim version before 4.99.2 that has an authenticator using the spa driver. Exim itself reports both: exim -bV prints the version (and the compiled-in authenticators), and exim -bP authenticators prints every configured authenticator with its driver. Operationally, the symptom is the SMTP handler process for a connection terminating abnormally during the SPA authentication exchange, which shows up as remotely triggered crashes in the Exim logs; a leak of uninitialized heap memory leaves no reliable trace in logs, so rely on the version and configuration check rather than on log monitoring.
The available resources do not provide dedicated detection tools or signatures for this issue.
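The following script is an added example for this page (it is not code from the advisory or from the Exim project). It checks the two facts the advisory makes relevant: whether the Exim version is older than 4.99.2, and whether any configured authenticator uses the spa driver. It relies only on the standard exim -bV and exim -bP authenticators commands; the layout of their output as parsed here, and the sample outputs embedded so the script runs offline, are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the advisory or the Exim project. Checks an Exim host
# for the condition described on this page: version before 4.99.2 together with
# an authenticator whose driver is spa. The two sample outputs below are
# constructed (an assumed "exim -bV" and "exim -bP authenticators" layout).

SAMPLE_BV='Exim version 4.98.2 #2 built 02-Jan-2025 10:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 OpenSSL DKIM TLS_resume
Authenticators: cram_md5 plaintext spa'

SAMPLE_BP='spa_login:
  driver = spa
  public_name = NTLM
  server_password = ${lookup{$auth1}lsearch{/etc/exim4/spa_passwords}}
  server_set_id = $auth1
plain_login:
  driver = plaintext
  public_name = PLAIN
  server_set_id = $auth2'

# version_lt A B: succeed when dotted version A is older than B. Fields are
# compared numerically and a missing field counts as 0, so 4.99 < 4.99.2.
version_lt() {
    printf '%s %s\n' "$1" "$2" | awk '{
        n1 = split($1, a, "."); n2 = split($2, b, ".")
        n = (n1 > n2) ? n1 : n2
        for (i = 1; i <= n; i++) {
            x = (i <= n1) ? a[i] + 0 : 0
            y = (i <= n2) ? b[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# exim_version TEXT: the version string from "exim -bV" output.
exim_version() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# spa_authenticators TEXT: names of authenticators whose driver is spa, taken
# from "exim -bP authenticators" output (a "name:" line, then indented options).
spa_authenticators() {
    printf '%s\n' "$1" | awk '
        /^[^ \t].*:$/ { name = $1; sub(/:$/, "", name) }
        /^[ \t]+driver[ \t]*=[ \t]*spa[ \t]*$/ { print name }'
}

# check BV_TEXT BP_TEXT: print a verdict; succeed only when both conditions hold.
check() {
    ver=$(exim_version "$1")
    spa=$(spa_authenticators "$2")
    if [ -z "$ver" ]; then
        echo "could not parse Exim version from -bV output"
        return 2
    fi
    if version_lt "$ver" 4.99.2 && [ -n "$spa" ]; then
        echo "AFFECTED: Exim $ver (< 4.99.2) with spa authenticator(s): $spa"
        return 0
    fi
    echo "not affected: Exim $ver, spa authenticators: ${spa:-none}"
    return 1
}

# check_live: the same test against the local binary. Debian and Ubuntu install
# it as "exim4"; change the command name if that applies to you.
check_live() {
    check "$(exim -bV 2>/dev/null)" "$(exim -bP authenticators 2>/dev/null)"
}

check "$SAMPLE_BV" "$SAMPLE_BP"
```

Run it as root or as the Exim user on each mail host, since exim -bP needs to read the active configuration; an AFFECTED result means the host matches the version range and the driver condition, not that an exploit has been seen.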
What immediate steps should I take to mitigate this vulnerability?
Until a fixed version is installed, remove or comment out every authenticator that uses the spa driver so that the vulnerable code is not reachable from the network, then re-check the configuration with exim -bV. SPA is the NTLM-based mechanism used mainly by older Microsoft clients, so confirm those clients can fall back to another mechanism (for example PLAIN or LOGIN, offered only over TLS) before removing it.
Updating Exim to version 4.99.2 or later fixes the vulnerability.
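An added illustration of the configuration change described above, not taken from the advisory or from Exim's own documentation: the authenticator names, the lookup files and the surrounding stanzas are hypothetical, but the option names are the standard ones for the spa and plaintext drivers.

```conf
# Hypothetical "begin authenticators" section of an Exim configuration
# (added example; names and lookup files are assumptions).

# BEFORE: an authenticator using the spa driver. With Exim < 4.99.2 this is the
# condition this page is about; remove or comment out the whole stanza.
# spa_login:
#   driver = spa
#   public_name = NTLM
#   server_password = ${lookup{$auth1}lsearch{/etc/exim4/spa_passwords}{$value}fail}
#   server_set_id = $auth1

# AFTER: keep only a mechanism that does not go through the spa driver, and
# advertise it only once the connection is encrypted.
plain_login:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if def:tls_in_cipher}
  server_condition = ${if eq{$auth3}{${lookup{$auth2}lsearch{/etc/exim4/passwd}}}}
  server_set_id = $auth2
```

After editing, run exim -bV to confirm the configuration still parses, and exim -bP authenticators to confirm no remaining authenticator reports driver = spa.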