Description

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

INFO

Published Date :

2026-04-30T00:00:00.000Z

Last Modified :

2026-05-01T14:25:12.276Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40687 vulnerability.

Vendors Products
Exim
  • Exim
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40687.

URL Resource
https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505 cve-icon cve-icon
https://exim.org/static/doc/security/CVE-2026-40687.txt cve-icon cve-icon
https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2026/04/30/21 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact