Security Advisory

CVE-2026-40687

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-30 00:00:00
Last updated 2026-05-01 14:25:12
Assigner mitre
State PUBLISHED

Description

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.