Exim <4.99.2 Heap OOB in JSON Lookup due to Malformed Header
CVE-2026-40685 Published on April 30, 2026
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of backslash (`\`) escape skipping.
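The defect class named above is an escape-skipping loop that steps over the byte after a backslash without first checking that such a byte exists, so a header value ending in `\` pushes the scanner past the end of the buffer. The following added example is not Exim's code; it is a minimal, bounds-checked JSON string scanner written here to show the safe pattern a defender would expect. Function names, the constructed header values, and the fixed-size destination buffer are all assumptions of this example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical helper, not from Exim.
 * Scan a JSON string whose opening quote is at buf[start]. Header values are
 * not NUL-terminated, so the caller passes an explicit length. On success
 * store the index of the closing quote in *end_out and return 0. Return -1
 * if the string is unterminated or if a backslash is the final byte of the
 * buffer (the malformed case). No byte at or beyond buf[len] is read. */
int json_string_end(const char *buf, size_t len, size_t start, size_t *end_out)
{
    if (start >= len || buf[start] != '"')
        return -1;

    size_t i = start + 1;
    while (i < len) {
        char c = buf[i];
        if (c == '"') {
            *end_out = i;
            return 0;
        }
        if (c == '\\') {
            /* An escape consumes the next byte as well. The unsafe variant
             * does "i += 2" unconditionally; we require the byte to exist. */
            if (i + 1 >= len)
                return -1;
            i += 2;
            continue;
        }
        i++;
    }
    return -1;  /* closing quote never found */
}

/* Hypothetical helper, not from Exim.
 * Copy the raw (still-escaped) body of the string into dst, never writing
 * more than dst_len - 1 bytes plus the terminator. Returns the number of
 * body bytes copied, or -1 on malformed input or insufficient space. */
long json_string_copy(const char *buf, size_t len, size_t start,
                      char *dst, size_t dst_len)
{
    size_t end;
    if (dst_len == 0 || json_string_end(buf, len, start, &end) != 0)
        return -1;

    size_t body = end - start - 1;
    if (body > dst_len - 1)
        return -1;  /* would overflow the destination */

    memcpy(dst, buf + start + 1, body);
    dst[body] = '\0';
    return (long)body;
}

int main(void)
{
    /* Constructed header values, not real traffic. Note the second one ends
     * in a lone backslash with no following byte. */
    const char good[] = "\"a\\\"b\"";
    const char truncated[] = "\"abc\\";
    char out[16];

    long n = json_string_copy(good, sizeof good - 1, 0, out, sizeof out);
    printf("good: %ld bytes -> %s\n", n, n < 0 ? "(rejected)" : out);

    n = json_string_copy(truncated, sizeof truncated - 1, 0, out, sizeof out);
    printf("truncated: %s\n", n < 0 ? "rejected, no out-of-bounds access" : out);
    return 0;
}
```

The two checks that matter are the `i + 1 >= len` test before consuming an escape and the `body > dst_len - 1` test before the copy; the first prevents the out-of-bounds read that the advisory's "malformed JSON in an untrusted header" triggers, the second prevents any write past the destination regardless of what the scanner returned.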
Vulnerability Analysis
CVE-2026-40685 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, no impact on integrity, and a high impact on availability.
Weakness Type
Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage. When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements or nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.
Products Associated with CVE-2026-40685
Exim; Canonical Ubuntu Linux
Affected Versions
Exim: versions before 4.99.2 are affected.