CVE-2026-40684

Medienbericht

EPSS 0.1%
Veröffentlicht 30.04.2026 00:00:00
Zuletzt bearbeitet 01.05.2026 18:16:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Exim ≫ Exim Version < 4.99.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.273

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-684 Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

Media Report

https://www.openwall.com/lists/oss-security/2026/04/30/21

Third Party Advisory

Mailing List

https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment

Vendor Advisory

https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81

Patch

https://exim.org/static/doc/security/CVE-2026-40684.txt

Broken Link

http://www.openwall.com/lists/oss-security/2026/05/01/11

https://nvd.nist.gov/vuln/detail/CVE-2026-40684

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40684

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40684

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40684