
Multiple Exim Mail Server Vulnerabilities Lead to Crash with Malicious DNS data

Cybersecurity News, archived May 03, 2026



By Abinaya, May 2, 2026

The Exim development team has released version 4.99.2 to address four newly discovered security vulnerabilities affecting their mail server software. These flaws allow attackers to potentially crash servers, corrupt memory, or leak sensitive information. Because Exim is one of the most widely used message transfer agents on the internet, system administrators need to apply this update immediately to secure their email infrastructure.

Breakdown of the Discovered Vulnerabilities

The latest security update patches four distinct Common Vulnerabilities and Exposures (CVEs) that affect how the server processes external inputs.

CVE-2026-40684 causes a crash with malicious DNS data: malformed PTR records trigger an octal printing error on systems using the musl C library, resulting in a complete crash of the connection instance.

CVE-2026-40685 triggers out-of-bounds read and write operations on corrupted JSON in configurations that use JSON operators on invalid external input, which can directly lead to heap corruption.

CVE-2026-40686 exposes out-of-bounds read issues via large UTF-8 trailing characters; processing malformed headers might leak data if error messages are required for subsequent emails in the same connection.

CVE-2026-40687 creates out-of-bounds vulnerabilities in the SPA authenticator; connecting to a compromised external SPA or NTLM service can cause the instance to crash or leak heap memory.

Mail servers act as the central communication backbone for modern organizations, making them highly attractive targets for threat actors. When attackers exploit out-of-bounds read and write vulnerabilities, they manipulate how a program allocates its memory space. This allows malicious users to extract sensitive data they shouldn’t be able to access or to overwrite data, disrupting normal server operations.

The DNS-related crash specifically highlights how a simple malformed record can cause a denial-of-service condition for systems that rely on the musl C library. Threat actors routinely deploy automated scanners to identify unpatched mail servers connected to the internet. Leaving these endpoints exposed makes them highly vulnerable to automated exploitation and targeted data extraction campaigns.

Mitigation Steps

System administrators should prioritize upgrading to Exim 4.99.2 immediately. The official security release is currently available as a tarball download from the primary Exim FTP site. It can also be pulled directly from the official Exim Git repository.

According to the advisory, older versions of Exim are no longer actively maintained, and network defenders should take note. This means legacy deployments may carry these vulnerabilities permanently unless upgraded to the current branch. Administrators should also review their email header configurations to ensure proper validation of externally provided JSON and UTF-8 inputs.
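A triage sketch for the mitigation advice above, added here as an example and not taken from the article or the Exim project: it reads the text of `exim -bV` and of a configuration file, compares the version with 4.99.2, and reports which of the preconditions the article names (JSON operators, SPA authenticator, musl) are present. The config patterns, function names and sample inputs are assumptions constructed for illustration.

```python
import re

FIXED = (4, 99, 2)  # fixed release named in the article

# Config markers for the features the article ties to a CVE. The patterns are
# this example's assumption about how those features appear in an Exim config.
MARKERS = {
    "CVE-2026-40685 JSON operators":
        re.compile(r"\bextract\s+jsons?\b|\bfor(?:all|any)_jsons?\b"),
    "CVE-2026-40687 SPA authenticator":
        re.compile(r"^\s*driver\s*=\s*spa\b", re.M),
}

def parse_version(bv_output):
    """Version tuple from the 'Exim version X.Y[.Z]' line of `exim -bV`."""
    m = re.search(r"Exim version (\d+(?:\.\d+)*)", bv_output)
    if not m:
        raise ValueError("no Exim version line found")
    return tuple(int(p) for p in m.group(1).split("."))

def needs_upgrade(bv_output):
    v = parse_version(bv_output)
    v += (0,) * (len(FIXED) - len(v))   # 4.99 compares as 4.99.0
    return v < FIXED

def triage(bv_output, config_text, libc_is_musl):
    """Return the article's CVEs whose named precondition is present.
    CVE-2026-40686 has no config marker in the article, so only the
    version check covers it."""
    if not needs_upgrade(bv_output):
        return []
    # Ignore commented-out lines so disabled settings do not count.
    active = "\n".join(line for line in config_text.splitlines()
                       if not line.lstrip().startswith("#"))
    hits = [name for name, rx in MARKERS.items() if rx.search(active)]
    if libc_is_musl:
        hits.append("CVE-2026-40684 musl DNS PTR handling")
    return sorted(hits)

# Constructed sample input, not taken from a real host.
SAMPLE_BV = "Exim version 4.98 #2 built 10-Jan-2026 09:00:00\n"
SAMPLE_CONF = """\
# driver = spa   (commented out, must not match)
begin authenticators
ntlm_client:
  driver = spa
acl_check_rcpt:
  warn condition = ${if eq{${extract json{role}{$h_x-meta:}}}{admin}}
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_BV, SAMPLE_CONF, libc_is_musl=False):
        print("review:", hit)
```

A distribution package may carry backported fixes under an older version string, so a positive result is a prompt to check the vendor's advisory rather than proof of exposure.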
Article Info
Source: Cybersecurity News
Category: Industry News & Leadership
Published: May 03, 2026
Archived: May 03, 2026