
Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks
A newly disclosed Exim BDAT vulnerability affects some email servers that use Exim as their Mail Transfer Agent (MTA), and its severity has drawn attention from security teams. Tracked as CVE-2026-45185 with a CVSS score of 9.8 and internally referred to as “Dead.Letter,” the issue is a remote use-after-free vulnerability that can lead to memory corruption and, under specific conditions involving GnuTLS, potentially to code execution.
Exim is an open-source MTA widely used on Unix-like systems for receiving, routing, and delivering email, and the project has released a security update addressing the flaw. The vulnerability primarily affects configurations where Exim is bui...