Ghostwire

CVE-2026-40687: In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an...

MEDIUM CVSS 4.8 Exploit Available

Published: April 30, 2026 | Last Modified: May 1, 2026

Description

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
exim.org/static/doc/security/CVE-2026-40687.txt
exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment
www.openwall.com/lists/oss-security/2026/04/30/21
www.tenable.com/cve/CVE-2026-40687
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-40687
nvd.nist.gov/vuln/detail/CVE-2026-40687