tag: Exim · 1 items
- Engineer — Act: Unauthenticated RCE on a widely-deployed internet-facing MTA with a public PoC on GitHub demands immediate action regardless of low EPSS — Exim has a history of mass exploitation. Patch Exim to the version addressing CVE-2026-45185; if no patch is yet available, restrict SMTP exposure at the network layer while tracking vendor advisory.
- SOC/IR — Plan: No active exploitation confirmed in enrichment signals, but a public PoC for pre-auth RCE on an internet-facing mail server shortens the window — build or stage Exim-specific detections (unusual child processes spawned from the Exim process, unexpected outbound connections from mail servers) before exploitation ramps up.
- Leader — Skip
- Signals: CVE-2026-45185 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub