1 article
A critical use-after-free vulnerability (CVE-2026-45185) in Exim's GnuTLS TLS session shutdown handler enables unauthenticated remote code execution on any Exim installation compiled with GnuTLS support. Exim is the default MTA on Debian, Ubuntu, and many Linux distributions, putting tens of millions of internet-facing mail servers at risk. Patches are available and should be applied immediately.