CuraSec

Act active

CVE-2026-45185: Unauthenticated RCE in Exim, public PoC released

2026-07-12 11:56 UTC · HN (cve) · read the source ↗ #rce#exim#cve
  • Engineer — Act: Unauthenticated RCE on a widely-deployed internet-facing MTA with a public PoC on GitHub demands immediate action regardless of low EPSS — Exim has a history of mass exploitation. Patch Exim to the version addressing CVE-2026-45185; if no patch is yet available, restrict SMTP exposure at the network layer while tracking vendor advisory.
  • SOC/IR — Plan: No active exploitation confirmed in enrichment signals, but a public PoC for pre-auth RCE on an internet-facing mail server shortens the window — build or stage Exim-specific detections (unusual child processes spawned from the Exim process, unexpected outbound connections from mail servers) before exploitation ramps up.
  • Leader — Skip
  • Signals: CVE-2026-45185 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub
This entry was curated and judged by AI (Claude) with automated enrichment (CISA KEV / EPSS / public PoC). Verify against the original source before acting. Found a bad verdict? Report it — confirmed errors go to the corrections log.