CVE-2026-40685

Summary

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.

Affected Software

VendorProductVersion RangeStatus
EximExim0 < 4.99.2affected

Weaknesses

  • CWE-684: CWE-684 Incorrect Provision of Specified Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References