The Shadow in the TLS Code: Unauthenticated RCE in Exim The discovery of a critical unauthenticated Remote Code Execution (RCE) vulnerability in Exim, reported by XBOW as CVE 2026 45185, has raised significant concerns among security professionals and developers.
This vulnerability is particularly worrying because it can be exploited without any special server configuration, given the widespread adoption of Exim as an email transfer agent.
The bug's root cause lies in a use after free triggered when a TLS connection is handled by GnuTLS, a default TLS library on many Debian based distributions.