VulnWatch VulnWatch
← Back to dashboard
Medium nvd · CVE-2026-40687

CVE-2026-40687: In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-

Published Apr 30, 2026 CVSS 4.8

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.

Affected AI Products

adversarial
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.