Exim released security patches addressing CVE-2026-45185, dubbed "Dead.Letter," a use-after-free vulnerability affecting the mail transfer agent's BDAT command processing. The flaw specifically impacts Exim installations compiled with GnuTLS support.

The vulnerability stems from improper memory handling when Exim processes BDAT (binary data) commands during SMTP transactions. Attackers can trigger the use-after-free condition by crafting malicious email commands, corrupting memory and achieving arbitrary code execution on affected servers. The attack requires no authentication and executes within the Exim process context.

Exim powers email delivery across thousands of organizations globally, making this vulnerability high-impact for internet infrastructure. Mail servers running vulnerable versions with GnuTLS builds face immediate risk of compromise. Attackers exploiting this flaw gain the ability to execute commands as the Exim user, typically a privileged account with access to mailboxes and system resources.

Organizations should identify Exim instances compiled with GnuTLS support and apply patches immediately. Because the vulnerability requires minimal attacker interaction, any SMTP-facing system is an obvious attack surface. Network segmentation that limits SMTP access, together with disabling unnecessary protocols, reduces exposure during patching windows.
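The first remediation step above is an inventory question: which Exim binaries were built against GnuTLS, and which version are they? The following Python is an added example, not code from Exim or from the original article. It parses the output of `exim -bV` (the `Support for:` and `Library version:` lines, which name the TLS backend) and classifies a host as exposed, patched, or not affected. The two sample outputs are constructed for illustration, and the fixed version is not stated on the page, so the caller supplies it from Exim's own advisory; `4.99` in the test is a placeholder, not the real fix version.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `exim -bV` output from a GnuTLS build (not captured from a real host).
SAMPLE_GNUTLS = """\
Exim version 4.96 #2 built 01-Jan-2023 00:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS TLS_resume move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR PROXY Queue_Ramp SOCKS SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Library version: GnuTLS: Compile: 3.7.9
"""

# Constructed sample from an OpenSSL build, which the article says is not affected.
SAMPLE_OPENSSL = """\
Exim version 4.97.1 #1 built 05-Jan-2024 10:00:00
Support for: crypteq iconv() IPv6 OpenSSL TLS_resume DKIM DNSSEC Event
Library version: OpenSSL: Compile: OpenSSL 3.0.13
"""


@dataclass
class EximBuild:
    version: str
    tls_backend: Optional[str]  # "GnuTLS", "OpenSSL", or None for a build without TLS


def parse_exim_bv(text: str) -> EximBuild:
    """Extract the Exim version and TLS backend from `exim -bV` output."""
    m = re.search(r"^Exim version (\S+)", text, re.M)
    if not m:
        raise ValueError("input does not look like `exim -bV` output")
    version = m.group(1)
    backend = None
    feat = re.search(r"^Support for:(.*)$", text, re.M)
    if feat:
        features = feat.group(1).split()
        if "GnuTLS" in features:
            backend = "GnuTLS"
        elif "OpenSSL" in features:
            backend = "OpenSSL"
    if backend is None:
        # Fall back to the library line for builds whose feature list differs.
        lib = re.search(r"^Library version: (GnuTLS|OpenSSL):", text, re.M)
        if lib:
            backend = lib.group(1)
    return EximBuild(version, backend)


def version_tuple(v: str) -> tuple:
    """'4.97.1' -> (4, 97, 1); trailing suffixes such as '-RC3' are ignored."""
    nums = re.match(r"(\d+(?:\.\d+)*)", v).group(1)
    return tuple(int(x) for x in nums.split("."))


def assess(build: EximBuild, patched_version: str) -> str:
    """Classify a build relative to the fixed version supplied by the caller."""
    if build.tls_backend != "GnuTLS":
        return "not-affected: TLS backend is %s" % (build.tls_backend or "none")
    if version_tuple(build.version) >= version_tuple(patched_version):
        return "patched: GnuTLS build %s" % build.version
    return "exposed: GnuTLS build %s older than %s" % (build.version, patched_version)


def assess_local(patched_version: str, exim_path: str = "exim") -> str:
    """Run the check on this host (Debian installs the binary as `exim4`)."""
    out = subprocess.run([exim_path, "-bV"], capture_output=True, text=True, check=True).stdout
    return assess(parse_exim_bv(out), patched_version)


if __name__ == "__main__":
    # Placeholder fixed version; replace with the version named in Exim's advisory.
    for sample in (SAMPLE_GNUTLS, SAMPLE_OPENSSL):
        print(assess(parse_exim_bv(sample), "4.99"))
```

Run it over each host's `exim -bV` output (collected with your configuration management tool) to get a per-host list that distinguishes GnuTLS builds from OpenSSL builds; only the former need the emergency patch window.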

Exim administrators should upgrade to patched versions without delay. Systems using OpenSSL or other TLS implementations instead of GnuTLS remain unaffected. The use-after-free class of vulnerability often proves difficult to exploit reliably, but successful exploitation carries severe consequences. Memory corruption vulnerabilities in mail processing software present particular risk given their exposure to untrusted network input.

The Dead.Letter designation reflects the vulnerability's connection to improper message handling. Organizations running older Exim versions on production mail servers warrant immediate assessment and remediation planning. Patch availability may vary by distribution, so checking official Ex