Multiple Exim Mail Server Flaws Allow Crashes via Malicious DNS Data

The developers of the Exim mail server have released version 4.99.2 to fix multiple newly discovered security vulnerabilities.

These flaws could allow attackers to crash mail server connections, corrupt memory, or even expose sensitive data.

The issues were first shared privately with Linux distribution maintainers on April 24, 2026, and later publicly disclosed on April 29.

With the fixes now available, administrators are strongly urged to update immediately to avoid service disruption.

Exim is one of the most widely used mail transfer agents on Unix-like systems, making it a high-value target for attackers.

Why Exim Servers Are at Risk

Mail servers like Exim constantly process incoming data from external and often untrusted sources. This includes domain names, email headers, authentication requests, and DNS records.

If the server does not properly validate or sanitize this data, attackers can craft malicious inputs designed to exploit memory handling processes. These attacks can lead to crashes, data leaks, or denial-of-service (DoS) conditions.

Because email systems are critical for business communication, even temporary disruptions can have serious operational impacts.

The Exim team patched four vulnerabilities in this release:

• CVE-2026-40684: A crash vulnerability caused by malicious DNS PTR records. It mainly affects systems using musl libc due to an error in octal formatting.
• CVE-2026-40685: Improper handling of corrupted JSON data in email headers can lead to out-of-bounds read and write operations, resulting in heap memory corruption.
• CVE-2026-40686: Large UTF-8 characters in headers can trigger out-of-bounds reads, potentially leaking sensitive data during error handling.
• CVE-2026-40687: A flaw in the SPA authentication driver allows attackers to perform out-of-bounds memory operations, which may crash the server or expose heap data.

These vulnerabilities mainly impact how Exim processes malformed input data.

The primary risk from these flaws is denial-of-service. Attackers can send specially crafted emails or manipulate DNS responses to crash active connections.

In some cases, memory corruption or data leakage is also possible. This could expose sensitive information stored in server memory.

Systems using external JSON processing or SPA/NTLM authentication are at higher risk due to how these components handle input data.

For example, an attacker could send a malicious email header containing corrupted JSON. When Exim processes it, the server may crash or behave unpredictably, interrupting mail delivery services.

Administrators should upgrade to Exim version 4.99.2 immediately using official sources. This is the only reliable way to fully mitigate these vulnerabilities.

The Exim team has also confirmed that older versions are no longer actively maintained. Systems running outdated releases may remain permanently exposed to these risks.

Updated source code and secure repository tags are now available through official Exim channels.

Timely patching is essential, especially for internet-facing mail servers that process large volumes of external data daily.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Multiple Exim Mail Server Flaws Allow Crashes via Malicious DNS Data appeared first on Cyber Security News.