
A quiet flaw in Exim’s BDAT parser could disrupt your mail—here’s what to do about CVE-2026-45185

If you administer a mail server or rely on email services, take note: a new vulnerability in Exim’s BDAT parser has just surfaced. The issue, tracked as CVE-2026-45185, could affect servers that handle BDAT data over TLS with GnuTLS. The information circulating in security outlets describes a use-after-free condition that can be triggered during BDAT processing. The Hacker News reported on this vulnerability earlier today, and Exim’s advisories are circulating in the community. This is a reminder that mail infrastructure remains a high-value target for attackers and requires timely patching.

What happened

Exim, a widely used mail transfer agent, has a flaw in its BDAT handling when BDAT data is processed over a TLS connection managed by GnuTLS. The bug is triggered during BDAT body processing when a client sends a TLS close_notify before the body transfer completes, followed by a final byte in cleartext on the same TCP connection. The issue has been assigned CVE-2026-45185, and advisories from Exim and security researchers are outlining the impacted versions and recommended actions. For readers looking for initial reporting, The Hacker News covered this topic earlier today.

Why it matters

Mail servers sit at the frontline of many organizations, from small businesses to hosting providers. A vulnerability in a core mail processing path can lead to service disruption, increased attack surface, and potential unauthorized access depending on how the server is configured and patched. Because email remains essential for operations, a flaw like this can have tangible knock-on effects beyond the tech stack.

What you can do now

  • Identify whether your Exim version is affected and upgrade to the patched release recommended by Exim advisories. If you’re unsure, reach out to your hosting provider or system administrator.
  • If an immediate upgrade isn’t possible, implement interim mitigations such as limiting BDAT processing or routing mail through a secured gateway with up-to-date protection until a patch can be applied.
  • Ensure TLS and GnuTLS components are current on all affected servers, since the vulnerability involves TLS handling code paths.
  • Review mail server logs for unusual BDAT activity or signs of exploitation; enable alerts for anomalous mail throughput or processing errors.
  • Test mail delivery in a staging environment after patching to verify there are no regressions in functionality.
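The first and third items of that checklist come down to two facts about each host: which Exim release is installed, and whether that build links GnuTLS rather than OpenSSL. Both are printed by `exim -bV`. The script below is an added example, not code from Exim or from the advisory; it parses that output and reports whether a host falls inside the article's scope (a GnuTLS build older than the fixed release). The sample output embedded in it is constructed in the style of `exim -bV` and is not captured from a real server, and the fixed release number is a placeholder because the article does not state it; take the real value from the Exim advisory for CVE-2026-45185.

```python
"""Check whether an Exim build is inside the CVE-2026-45185 exposure window.

Added example, not Exim's or the advisory's own code. Assumptions are
marked inline; the fixed-release number is a placeholder.
"""
import re
import subprocess
from typing import Optional

# Constructed sample in the style of `exim -bV` output (not from a real host).
# The "Support for:" line names the TLS library the binary was built against;
# "Library version:" gives the GnuTLS version actually linked at runtime.
SAMPLE_BV = """\
Exim version 4.96 #2 built 20-Jun-2022 13:31:55
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR SOCKS TCP_Fast_Open
Library version: GnuTLS: Compile: 3.7.3 Runtime: 3.7.3
Configuration file is /etc/exim4/exim4.conf
"""

# PLACEHOLDER: the article does not give the first fixed Exim release.
# Replace with the version tuple from the Exim advisory for CVE-2026-45185.
FIXED_EXIM_VERSION_PLACEHOLDER = (9999, 0)


def parse_version(text: str) -> tuple:
    """Turn the first dotted number in text ('4.96', '4.98.0.2') into an int tuple."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def parse_exim_bv(output: str) -> dict:
    """Extract the facts the checklist needs from `exim -bV` output."""
    info = {"version": None, "tls_library": None, "gnutls_runtime": None}
    for line in output.splitlines():
        if line.startswith("Exim version "):
            info["version"] = parse_version(line)
        elif line.startswith("Support for:"):
            features = line.split(":", 1)[1].split()
            if "GnuTLS" in features:
                info["tls_library"] = "GnuTLS"
            elif "OpenSSL" in features:
                info["tls_library"] = "OpenSSL"
        elif line.startswith("Library version: GnuTLS:"):
            m = re.search(r"Runtime:\s*(\S+)", line)
            if m:
                info["gnutls_runtime"] = parse_version(m.group(1))
    if info["version"] is None:
        raise ValueError("could not find an 'Exim version' line")
    return info


def assess(info: dict, fixed_version: tuple) -> dict:
    """Decide whether this build sits in the exposure window.

    Scope follows the article: BDAT over TLS on a GnuTLS build. A build
    without GnuTLS, or at/after the fixed release, is reported as not
    exposed. The verdict is only as good as the fixed_version supplied.
    """
    reasons = []
    if info["tls_library"] != "GnuTLS":
        reasons.append("not a GnuTLS build (article scope is GnuTLS builds)")
    if info["version"] >= fixed_version:
        reasons.append("Exim version is at or beyond the fixed release")
    return {"exposed": not reasons, "reasons": reasons, **info}


def run_exim_bv(exim_path: str = "exim") -> Optional[str]:
    """Run `exim -bV` on this host; returns None if the binary is not found."""
    try:
        proc = subprocess.run([exim_path, "-bV"], capture_output=True,
                              text=True, check=True)
        return proc.stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    # Fall back to the constructed sample when no Exim binary is present,
    # so the script can be read and run anywhere.
    output = run_exim_bv() or SAMPLE_BV
    verdict = assess(parse_exim_bv(output), FIXED_EXIM_VERSION_PLACEHOLDER)
    print(verdict)
```

On Debian-derived systems the binary is named `exim4`, so pass `run_exim_bv("exim4")`. The second checklist item, limiting BDAT processing while a patch is pending, is a configuration matter rather than a version check: Exim only accepts BDAT from clients to which it advertised CHUNKING, which the `chunking_advertise_hosts` main option controls; this script does not inspect that setting, so review it separately.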

Final thought

Keeping mail servers patched and monitored is a practical part of a solid security routine. If you run a small business or manage services that depend on email, set up a simple patching and monitoring checklist to stay ahead of vulnerabilities like CVE-2026-45185.
