Act
active
CVE-2026-45185: Unauthenticated RCE in Exim, public PoC released
- Engineer — Act: Unauthenticated RCE on a widely-deployed internet-facing MTA with a public PoC on GitHub demands immediate action regardless of low EPSS — Exim has a history of mass exploitation. Patch Exim to the version addressing CVE-2026-45185; if no patch is yet available, restrict SMTP exposure at the network layer while tracking vendor advisory.
- SOC/IR — Plan: No active exploitation confirmed in enrichment signals, but a public PoC for pre-auth RCE on an internet-facing mail server shortens the window — build or stage Exim-specific detections (unusual child processes spawned from the Exim process, unexpected outbound connections from mail servers) before exploitation ramps up.
- Leader — Skip
- Signals: CVE-2026-45185 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.