CVE-2026-40686

· NIST NVD ↗

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

LOW
CVSS severity
3.7
CVSS base score
2026-04-30
Published

CWE codes

CWE-125

Affected products

exim:exim

Sources