Dead.Letter (CVE-2026-45185): XBOW Discovers Unauthenticated RCE on Exim

The post details how security researchers at XBOW discovered an unauthenticated remote code execution (RCE) vulnerability in Exim, assigned CVE-2026-45185. The flaw was identified through a bug in Exim’s email processing logic, specifically related to the handling of "dead.letter" files. XBOW’s blog provides technical insights into the vulnerability’s root cause and exploitation.