Critical Exim Mail Server Vulnerability "Dead.Letter" Enables Remote Code Execution

Exim, an open-source Mail Transfer Agent (MTA) for Unix-like systems, released security updates to address a severe vulnerability affecting certain configurations. The flaw, tracked as CVE-2026-45185 with a CVSS score of 9.8 and dubbed "Dead.Letter," could lead to memory corruption and potential code execution. The issue specifically impacts builds of Exim that use GnuTLS. No exact date for the patch release was provided, but the vulnerability was publicly disclosed in May 2026. The update mitigates risks associated with the BDAT command processing in vulnerable versions.