Ghostwire

CVE-2026-48840: Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of...

MEDIUM CVSS 5.3 Exploit Available

Published: May 30, 2026 | Last Modified: May 30, 2026

Description

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

exim.org/static/doc/security/EXIM-Security-2026-05-19.1
www.openwall.com/lists/oss-security/2026/05/29/3
www.openwall.com/lists/oss-security/2026/05/29/3
www.tenable.com/cve/CVE-2026-48840
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-48840