CVE-2026-48840 — Vulnetix

CVE-2026-48840 PUBLISHED CVSS 5.3 MEDIUM

Reported by mitre · Published May 30, 2026

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

Risk Scores

CVSS v3.1

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Exim	Exim	4.88
alpine	exim	0, 0, 0
exim	exim	4.88, 4.88, 4.88
Exim	Exim	4.88, 4.88, 4.88

Timeline

May 30, 2026 EPSS Score
May 30, 2026 CVE Published
May 30, 2026 CVE Updated
May 31, 2026 EPSS Score
May 31, 2026 Coalition ESS Score
Jun 1, 2026 EPSS Score
Jun 1, 2026 Security Advisory

References

http://www.openwall.com/lists/oss-security/2026/05/29/3 url
https://lists.debian.org/debian-lts-announce/2026/06/msg00004.html url

Open in Interactive Console →