Skip to main content

Exim

26 CVEs product

Monthly

CVE-2026-48840 MEDIUM PATCH This Month

Uninitialized stack memory disclosure in Exim 4.88 through 4.99.3 allows remote unauthenticated attackers to read arbitrary stack memory contents by sending specially crafted short payloads to proxy-enabled SMTP listeners. The vulnerability is constrained to proxy configurations but requires no authentication and no user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially reachable against exposed instances. No public exploit code or CISA KEV listing exists at time of analysis, and a vendor-released fix is available in Exim 4.99.4.

Information Disclosure Exim
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40686 LOW PATCH Monitor

Out-of-bounds read in Exim before 4.99.2 when UTF-8 operators are enabled allows remote unauthenticated attackers to leak sensitive information through error messages by sending email with malformed UTF-8 trailing characters in headers. The vulnerability has high attack complexity due to the requirement for UTF-8 operator enablement and specific malformed input crafting, but requires no user interaction and operates over the network on default deployments.

Information Disclosure Buffer Overflow Exim
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-30232 HIGH PATCH This Week

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Privilege Escalation Exim Suse
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-26794 HIGH PATCH Act Now

Exim mail server version 4.98 before 4.98.1 contains a remote SQL injection vulnerability when SQLite hints and ETRN serialization features are enabled. The vulnerability allows remote attackers to inject SQL through crafted SMTP commands, potentially compromising the mail server's configuration and queued messages.

SQLi Exim Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
72.1%
CVE-2023-51766 MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-3620 CRITICAL PATCH Act Now

A vulnerability was found in Exim and classified as problematic.c of the component DMARC Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3559 HIGH PATCH This Week

A vulnerability was found in Exim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
3.7%
CVE-2022-37452 CRITICAL POC PATCH Act Now

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Exim Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-37451 HIGH POC PATCH This Week

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Exim Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-38371 HIGH This Week

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Exim
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-27216 MEDIUM POC This Month

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Exim
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2020-12783 HIGH POC PATCH This Week

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Authentication Bypass Information Disclosure Exim Fedora +2
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8015 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exim
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-16928 CRITICAL POC KEV PATCH THREAT Act Now

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Exim Ubuntu Linux +2
NVD
CVSS 3.1
9.8
EPSS
41.6%
CVE-2019-15846 CRITICAL Act Now

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Exim Debian Linux
NVD
CVSS 3.0
9.8
EPSS
35.7%
CVE-2019-13917 CRITICAL PATCH Act Now

{sort } expansion for items that can be controlled by an attacker (e.g.,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exim Debian Linux
NVD
CVSS 3.0
9.8
EPSS
8.6%
CVE-2019-10149 CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Exim Ubuntu Linux Debian Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-6789 CRITICAL POC KEV PATCH THREAT Act Now

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Exim Debian Linux Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
82.2%
CVE-2017-16944 HIGH POC THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Denial Of Service Exim Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.0%
Threat
5.3
CVE-2017-16943 CRITICAL POC PATCH THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

Denial Of Service Memory Corruption Use After Free RCE Exim +1
NVD GitHub
CVSS 3.0
9.8
EPSS
76.9%
Threat
5.8
CVE-2017-1000369 MEDIUM This Month

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Exim Debian Linux
NVD GitHub
CVSS 3.1
4.0
EPSS
0.3%
CVE-2016-9963 MEDIUM This Month

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Exim Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2016-1531 HIGH POC THREAT Act Now

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 56.8%.

Privilege Escalation Exim
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
56.8%
Threat
4.6
CVE-2014-2972 MEDIUM PATCH This Month

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Exim
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-2957 MEDIUM PATCH This Month

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Exim
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2012-5671 MEDIUM This Month

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.7% and no vendor patch available.

Buffer Overflow RCE Exim
NVD
CVSS 2.0
6.8
EPSS
35.7%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized stack memory disclosure in Exim 4.88 through 4.99.3 allows remote unauthenticated attackers to read arbitrary stack memory contents by sending specially crafted short payloads to proxy-enabled SMTP listeners. The vulnerability is constrained to proxy configurations but requires no authentication and no user interaction (AV:N/AC:L/PR:N/UI:N), making it trivially reachable against exposed instances. No public exploit code or CISA KEV listing exists at time of analysis, and a vendor-released fix is available in Exim 4.99.4.

Information Disclosure Exim
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Out-of-bounds read in Exim before 4.99.2 when UTF-8 operators are enabled allows remote unauthenticated attackers to leak sensitive information through error messages by sending email with malformed UTF-8 trailing characters in headers. The vulnerability has high attack complexity due to the requirement for UTF-8 operator enablement and specific malformed input crafting, but requires no user interaction and operates over the network on default deployments.

Information Disclosure Buffer Overflow Exim
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 72% CVSS 7.5
HIGH PATCH Act Now

Exim mail server version 4.98 before 4.98.1 contains a remote SQL injection vulnerability when SQLite hints and ETRN serialization features are enabled. The vulnerability allows remote attackers to inject SQL through crafted SMTP commands, potentially compromising the mail server's configuration and queued messages.

SQLi Exim Red Hat +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in Exim and classified as problematic.c of the component DMARC Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim +1
NVD VulDB
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in Exim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim +1
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Exim +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Exim Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Exim
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Exim
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Authentication Bypass Information Disclosure +4
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exim
NVD
EPSS 42% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption +4
NVD
EPSS 36% CVSS 9.8
CRITICAL Act Now

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Exim Debian Linux
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

{sort } expansion for items that can be controlled by an attacker (e.g.,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exim Debian Linux
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Exim Ubuntu Linux +1
NVD Exploit-DB
EPSS 82% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Exim Debian Linux +1
NVD Exploit-DB
EPSS 76% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Denial Of Service Exim Debian Linux
NVD Exploit-DB
EPSS 77% 5.8 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

Denial Of Service Memory Corruption Use After Free +3
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Exim Debian Linux
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM This Month

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Exim Ubuntu Linux +1
NVD
EPSS 57% 4.6 CVSS 7.0
HIGH POC THREAT Act Now

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 56.8%.

Privilege Escalation Exim
NVD Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Exim
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Exim
NVD
EPSS 36% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.7% and no vendor patch available.

Buffer Overflow RCE Exim
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy