CVE-2026-40686

Q: What is the severity of CVE-2026-40686?

CVE-2026-40686 is classified as a medium severity vulnerability due to its potential to disclose information via error messages.

Q: How do I fix CVE-2026-40686?

To fix CVE-2026-40686, upgrade Exim to version 4.99.2 or later to eliminate the out-of-bounds read vulnerability.

Q: What causes CVE-2026-40686?

CVE-2026-40686 is caused by handling large malformed UTF-8 trailing characters in email header data when utf8 operators are enabled.

Q: Which versions of Exim are affected by CVE-2026-40686?

Exim versions prior to 4.99.2 are affected by CVE-2026-40686.

Q: What type of information could be leaked by CVE-2026-40686?

CVE-2026-40686 could potentially leak information within error messages generated during the processing of unrelated email messages.

Published Apr 30, 2026

Updated

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

Affected Software

2 affected components

Exim Exim<4.99.2

Remediation

Patch Available

https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc

Event History

Apr 30, 2026

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:16 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-40686?

CVE-2026-40686 is classified as a medium severity vulnerability due to its potential to disclose information via error messages.

How do I fix CVE-2026-40686?

To fix CVE-2026-40686, upgrade Exim to version 4.99.2 or later to eliminate the out-of-bounds read vulnerability.

What causes CVE-2026-40686?

CVE-2026-40686 is caused by handling large malformed UTF-8 trailing characters in email header data when utf8 operators are enabled.

Which versions of Exim are affected by CVE-2026-40686?

Exim versions prior to 4.99.2 are affected by CVE-2026-40686.

What type of information could be leaked by CVE-2026-40686?

CVE-2026-40686 could potentially leak information within error messages generated during the processing of unrelated email messages.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2026-40686

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-40686?

How do I fix CVE-2026-40686?

What causes CVE-2026-40686?

Which versions of Exim are affected by CVE-2026-40686?

What type of information could be leaked by CVE-2026-40686?

Company

Resources

Contact