CVE-2026-40684 PUBLISHED

Assigner: mitre
Reserved: 14.04.2026 Published: 30.04.2026 Updated: 01.05.2026

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Exim
Product	Exim
Versions	Default: unaffected affected from 0 to 4.99.2 (excl.)

References

https://www.openwall.com/lists/oss-security/2026/04/30/21
https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment
https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81
https://exim.org/static/doc/security/CVE-2026-40684.txt

Problem Types

CWE-684 Incorrect Provision of Specified Functionality CWE