CVSS 6.5 · MEDIUM
CVE-2026-40685
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
Ver en NVDSeveridad
Puntaje: 6.5(MEDIUM)
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:HAV: NETWORK
AC: HIGH
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: LOW
A: HIGH
Tipo de falla (CWE):
CWE-684CWE-787EPSS
Probabilidad de explotación (próx. 30 días): 0.0007 (0.1%)
Percentil: 21.3%
EPSS: 2026-05-06
Afecta
exim:eximDescripción técnica
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
Publicada: 30/4/2026, 22:16:25
Última modificación: 1/5/2026, 17:51:06