CVE-2026-40685

· NIST NVD ↗

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-30
Published

CWE codes

CWE-684CWE-787

Affected products

exim:exim

Sources