<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Exim on CuraSec</title><link>https://curasec.metacog.co.kr/tags/exim/</link><description>Recent content in Exim on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/exim/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-45185: Unauthenticated RCE in Exim, public PoC released</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-dead-letter-cve-2026-45185-how-xbow-found-an-unauthenticated/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-dead-letter-cve-2026-45185-how-xbow-found-an-unauthenticated/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> Unauthenticated RCE on a widely-deployed internet-facing MTA with a public PoC on GitHub demands immediate action regardless of low EPSS — Exim has a history of mass exploitation. Patch Exim to the version addressing CVE-2026-45185; if no patch is yet available, restrict SMTP exposure at the network layer while tracking vendor advisory.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Plan:&lt;/strong> No active exploitation confirmed in enrichment signals, but a public PoC for pre-auth RCE on an internet-facing mail server shortens the window — build or stage Exim-specific detections (unusual child processes spawned from the Exim process, unexpected outbound connections from mail servers) before exploitation ramps up.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-45185 — CISA KEV: not listed, EPSS 0.01, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>