{"vulnerability": "CVE-2026-45185", "sightings": [{"uuid": "5fdc62e0-fc86-4a83-927d-9faba4231ea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/GithubRedTeam/83976", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Dead.Letter-CVE-2026-45185\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a liamromanis101\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-12 17:51:05\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-12T18:00:04.000000Z"}, {"uuid": "358c5ed2-7190-4668-8c48-1d3c0f9ce6c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html", "content": "Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution.\nExim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email.\nThe vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free", "creation_timestamp": "2026-05-12T14:44:00.000000Z"}, {"uuid": "32ff58d2-af12-4b66-9198-b5f8aba724f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45185", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3mlowqukguu2l", "content": "Dead.Letter (CVE-2026-45185) \u2013 How XBOW found an unauthenticated RCE on Exim https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim (https://news.ycombinator.com/item?id=48111748)", "creation_timestamp": "2026-05-12T23:25:28.930194Z"}, {"uuid": "5cce11d5-408e-485e-95af-31ac2ce2adc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mloxm2qhgj2i", "content": "CVE-2026-45185 - Exim GnuTLS Use-After-Free Remote Code Execution Vulnerability\nCVE ID : CVE-2026-45185\n \n Published : May 12, 2026, 8:16 p.m. | 38\u00a0minutes ago\n \n Description : Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the...", "creation_timestamp": "2026-05-12T23:40:40.931479Z"}, {"uuid": "8f86e8f7-8b8f-4af7-99be-d367f550564f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mloxvzvoix2i", "content": "Exim Security Shock: CVE-2026-45185 Patch Reveals Dangerous Use-After-Free Flaw in GnuTLS\u00a0Builds\n\nCritical Security Update Exposes Deep Flaws in Email Infrastructure A newly disclosed vulnerability in the Exim mail transfer agent has sent shockwaves through the cybersecurity community after\u2026", "creation_timestamp": "2026-05-12T23:46:15.953580Z"}, {"uuid": "cacf079a-ab71-49cc-81c0-dd81e8ac4f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mlozyk47a422", "content": "\ud83d\udcf0 A critical vulnerability was discovered in Exim's dead-letter queue handling, allowing unauthenticated remote code execution (RCE) through a crafted email message.\n\n\ud83d\udd17 https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim\n\n#Tech #Dev", "creation_timestamp": "2026-05-13T00:24:00.009371Z"}, {"uuid": "e4612310-1dcc-47e3-9b35-8e09f442e271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/oxfemale.bsky.social/post/3mlqczf7kbf2r", "content": "Original text by Federico Kirschbaum / Andres Luksenberg\n\n\nXBOW\u2019s article details CVE-2026-45185, a critical unauthenticated remote code execution bug in Exim. The vulnerability appear\nhttps://core-jmp.org/2026/05/one-newline-to-own-exim-how-a-tiny-tls-bdat-use-after-free-became-unauthenticated-rce/", "creation_timestamp": "2026-05-13T12:37:39.358565Z"}, {"uuid": "b73bd417-c27d-4092-bb31-79fd7fe24f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mlp44llqrr27", "content": "Dead.Letter (CVE-2026-45185) \u2013 How XBOW found an unauthenticated RCE on Exim (xbow.com)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-13T01:01:30.463863Z"}, {"uuid": "615c9b3d-55fc-4046-ac6f-789b86493f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlpb3on5ls2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 129 interactions\nCVE-2026-43500: 94 interactions\nCVE-2026-31431: 76 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45185: 8 interactions\nCVE-2026-41940: 5 interactions\nCVE-2026-42208: 5 interactions\n", "creation_timestamp": "2026-05-13T02:30:29.521011Z"}, {"uuid": "b0ebd6ae-43cf-4971-951b-7eecc7a71a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mlpliukxuz25", "content": "AI Hacked Your Mail Server: CVE-2026-45185 Exim RCE &amp; The Dawn of Autonomous Offensive Security +\u00a0Video\n\nIntroduction: The discovery of CVE-2026-45185\u2014an unauthenticated remote code execution (RCE) vulnerability in Exim, the world\u2019s most widely deployed mail transfer agent (MTA)\u2014marks a tectonic\u2026", "creation_timestamp": "2026-05-13T05:36:49.060926Z"}, {"uuid": "07b8fca0-95e1-4e8c-81b2-d69f447a08f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://www.acn.gov.it/portale/w/exim-poc-pubblico-per-lo-sfruttamento-della-cve-2026-45185", "content": "", "creation_timestamp": "2026-05-13T05:08:35.000000Z"}, {"uuid": "f20c36c1-9ce1-481d-b551-a06611958ca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mlrif2f3cl2k", "content": "Critical Exim Vulnerability Exposes Servers to Full Remote Takeover \u2014 CVE-2026-45185 Sparks Global Cybersecurity\u00a0Alarm\n\n\u26a0\ufe0f Massive Security Risk Discovered in Exim Mail Servers Using GnuTLS Introduction: A Dangerous Flaw That Turns Email Infrastructure Into an Open Door A newly discovered critical\u2026", "creation_timestamp": "2026-05-13T23:46:19.217450Z"}, {"uuid": "b697cdf0-e48e-4829-9626-a652a0ba0dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbi5ak2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:14:23.665409Z"}, {"uuid": "935013b5-f44c-4f51-b116-a77b455e13e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbijws2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:14:24.819527Z"}, {"uuid": "74f3f0ff-45f1-4400-8fc3-7652461f10ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbikw22r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:18:56.375288Z"}, {"uuid": "94c66c3b-3d23-4932-b018-cbb2dd99be07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbilvc2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:23:26.544033Z"}, {"uuid": "28a01bc0-f218-4a2d-ab45-5da80aa73321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbints2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:24:35.952869Z"}, {"uuid": "62c4e4d0-be26-4cec-9a82-2f2d5b363afc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbiot22r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:24:38.052968Z"}, {"uuid": "fede53d3-c4bd-415c-a36d-a25377387c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbipsc2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:27:04.403070Z"}, {"uuid": "30fa03c5-2761-4ffe-a589-5a6f7fa22d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbipsd2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:30:03.417073Z"}, {"uuid": "ac055f1a-8b20-4e25-a838-8ec2efcdebba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbiqrl2r", "content": "6/ \ud83d\udce7 Exim CVE-2026-45185 \"Dead.Letter\": use-after-free RCE in the mail server running 57% of global email. Patched today. Update Exim now \u2014 if you haven't already, attackers will find it fast. (Hacker News)", "creation_timestamp": "2026-05-13T18:32:19.385192Z"}, {"uuid": "6ad97ac5-ec76-4ef5-b745-76891e0c8f46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/true_secator/8200", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\n1. Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 FortiSandbox \u0438 FortiAuthenticator, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438\u043b\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0431\u0435\u0437 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-44277 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 FortiAuthenticator \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (IAM) \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiAuthenticator 6.5.7, 6.6.9 \u0438 8.0.3.\n\nFortinet \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CVE-2026-26083), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiSandbox, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u044b \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b Fortinet \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 ransomware-\u0430\u0442\u0430\u043a\u0430\u0445\u00a0\u0438\u00a0\u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435.\n\n2. Exim \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\nCVE-2026-45185 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Dead.Letter) \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0438\u043f\u0430 \u00ab\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u00bb \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0442\u0435\u043b\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f Exim \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (BDAT) \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 TLS-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e GnuTLS.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Exim, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 4.97 \u0438 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044f 4.99.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u043d\u0430 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0431\u043e\u0440\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 USE_GNUTLS=yes, \u0442\u043e \u0435\u0441\u0442\u044c \u0441\u0431\u043e\u0440\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 TLS, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a OpenSSL, \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n3. \u041f\u043e\u043b\u044c\u0441\u043a\u0438\u0439 CERT \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0434\u0432\u0435 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\u043c ATutor, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0435\u043a\u0442 \u0437\u0430\u0431\u0440\u043e\u0448\u0435\u043d \u0443\u0436\u0435 \u0432\u043e\u0441\u0435\u043c\u044c \u043b\u0435\u0442.\n\n4. Raelize \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 Claude \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 Secure Boot, \u0447\u0442\u043e, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u00ab\u043f\u0435\u0440\u0432\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u043e\u0439 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043e\u0448\u0438\u0431\u043e\u043a, \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0439 \u0418\u0418.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041a\u0438\u043c \u0414\u0432\u0430\u0448 \u0440\u0430\u0441\u043a\u0440\u044b\u043b GhostLock - \u043d\u043e\u0432\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u043d\u0430 \u043d\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u0440\u043e\u043a \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0435\u0442\u0435\u0439 Windows (\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC).\n\n\u0422\u0435\u0445\u043d\u0438\u043a\u0430 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u0430 \u043d\u0430 API Windows \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0435\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u043e\u043c\u0435\u043d\u0430 Windows \u0438\u043c\u0435\u0435\u0442 \u043d\u0438\u0437\u043a\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u044b\u0447\u043d\u043e\u0439 \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043f\u043a\u0435 SMB. GhostLock \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u043d\u0435 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u0434\u0438\u0441\u043a \u0438 \u043d\u0435 \u0432\u044b\u0434\u0430\u0435\u0442 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0434\u043b\u044f \u043e\u0431\u044b\u0447\u043d\u044b\u0445 EDR.\n\n6. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 n8n AI \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u0447\u0435\u0440\u043f\u0430\u0442\u044c \u0435\u0433\u043e \u043f\u0430\u043c\u044f\u0442\u044c \u0438 \u0437\u0430\u043f\u0440\u0435\u0442\u0438\u0442\u044c \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0435 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-42236 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043f\u0440\u043e\u0437\u0432\u0438\u0449\u0435 OverDoS.\n\n7. Microsoft \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u043c\u043d\u043e\u0433\u043e\u043c\u043e\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0418\u0418 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c\u00a0MDASH, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0443\u044e \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u041f\u0440\u0438\u0447\u0435\u043c MDASH \u0443\u0436\u0435 \u043f\u0440\u043e\u0448\u0435\u043b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443, \u0432\u044b\u044f\u0432\u0438\u0432 16 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Patch Tuesday \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\u00a0\n\n8. Palo Alto Networks \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 5-10 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u043c\u0435\u0441\u044f\u0446. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u0441\u0440\u0435\u0434\u0443 \u043e\u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 26 \u043d\u043e\u0432\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 (\u0434\u043b\u044f 75 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439), \u0447\u0442\u043e \u0441\u0442\u0430\u043b\u043e \u0440\u0435\u043a\u043e\u0440\u0434\u043e\u043c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044e \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Mythos.\n\nPalo Alto Networks \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043c\u043e\u0434\u0435\u043b\u0438 \u0418\u0418 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432 \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u0439 \u0446\u0438\u043a\u043b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u041f\u041e, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0436\u0438\u0434\u0430\u044e\u0442 \u043a\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u043c\u0435\u0440\u0435 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044f \u0418\u0418-\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443 \u043d\u0438\u0445 \u0435\u0441\u0442\u044c \u0432\u0441\u0435\u0433\u043e 3-5 \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0435\u0440\u0435\u0434\u0438\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-13T18:30:06.000000Z"}, {"uuid": "558d400e-be78-46c1-9d63-9ed2031988f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mlre57rjqw22", "content": "Critical Exim flaw CVE-2026-45185 lets unauthenticated attackers gain remote code execution on servers using GnuTLS and BDAT traffic. Exim 4.99.3 fixes it. #Exim #CVE202645185 #GnuTLS", "creation_timestamp": "2026-05-13T22:30:55.180931Z"}, {"uuid": "bd91fb6a-2cc9-46cd-b5e8-6a41e2901cdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "Telegram/Ab4OFqOZ0GdnyIUaC77uZ2CbzoeHzh_CrZHfEopJ-gCMQVg", "content": "", "creation_timestamp": "2026-05-14T09:00:04.000000Z"}, {"uuid": "a96bd03d-b8a6-4573-9efd-8a91ad8a126b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3mltpywq5552w", "content": "\ud83d\udea8 Exim v4.99.3 is out, patching a critical use-after-free vulnerability. CVE-2026-45185 allows unauthenticated #RCE, affecting versions prior to v4.99.3. Exim often sits under mail-handling stacks and appliances, extending the blast radius past direct deployments. Upgrade to v4.99.3.", "creation_timestamp": "2026-05-14T21:08:01.625665Z"}, {"uuid": "48d5bbe6-3f6b-42f8-8f5f-d3d551be337e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "Telegram/zanJGZJPiwUlKnErzkMtjnj0Co8i3QOe5DXSOFRRdVcGhA", "content": "", "creation_timestamp": "2026-05-13T05:14:43.000000Z"}, {"uuid": "4b2e03e1-88da-4b33-b8f9-4ab162c5e717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/bizone_channel/2675", "content": "\ud83d\udd3a \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Exim \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \n\nCVE-2026-45185 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 GnuTLS. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 9,8 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c BI.ZONE EASM, \u0432 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u043c \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0435 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0434\u043e 20 \u0442\u044b\u0441\u044f\u0447 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 Exim-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0438 Exim \u0441 4.97 \u043f\u043e 4.99.2 \u043d\u0430 Debian, Ubuntu \u0438 \u0438\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u043d\u044b\u0445, \u0435\u0441\u043b\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043e \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 STARTTLS \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u043f\u0438\u0441\u0435\u043c \u0447\u0430\u0441\u0442\u044f\u043c\u0438 CHUNKING/BDAT. \n\n\u27a1\ufe0f\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440, \u0447\u0438\u0442\u0430\u0439\u0442\u0435 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435\n\n\ud83d\udcac \u041c\u044b \u0432 MAX\n\ud83d\udc99 \u041c\u044b \u0432\u043e \u00ab\u0412\u041a\u043e\u043d\u0442\u0430\u043a\u0442\u0435\u00bb", "creation_timestamp": "2026-05-15T09:02:31.000000Z"}, {"uuid": "b3239b67-36f8-4d18-8280-af3d79738bbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/bdufstecru/3155", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ungetc() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 BDAT/CHUNKING \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Exim \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06520\nCVE-2026-45185\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/\nhttps://www.exim.org/static/doc/security/EXIM-Security-2026-05-01.1/EXIM-Security-2026-05-01.1.txt\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).", "creation_timestamp": "2026-05-13T14:44:43.000000Z"}, {"uuid": "e093f543-328e-4887-8a2b-71c8e0e8048e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/GithubRedTeam/84159", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-45185-detection-script\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a materaj2\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-14 03:57:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThese detection scripts are property of the SECPlayground Platform.  Two safe detection scripts. Neither drives the close_notify-mid-BDAT trigger, so they will not crash the daemon or leave panic-log entries.  Both verdicts are \"likely vulnerable\" \u2014 distinguishing GnuTLS from OpenSSL builds remotely is not reliable without exploitation.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-14T04:00:04.000000Z"}, {"uuid": "c1c43c40-7caf-4643-b904-131e61e49b96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mlt4bssdph2x", "content": "Heads up, sysadmins! Exim's new critical RCE (CVE-2026-45185) is a use-after-free flaw allowing unauthenticated remote code execution. This isn't theoretical; it's a direct threat to your mail server. Patch to 4.99.3 immediately.\n\nhttps://www.tpp.blog/mo2xche\n\n#cybersecurity #exim #cve202645185", "creation_timestamp": "2026-05-14T15:15:22.088007Z"}, {"uuid": "77785e30-df20-4804-9599-ee84200bd882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/thebugbountyhunter/10567", "content": "Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim\n\nhttps://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim", "creation_timestamp": "2026-05-13T07:04:49.000000Z"}, {"uuid": "d0443c04-080f-4578-a884-6e0703ecbd04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/thehackernews/8995", "content": "\ud83d\ude33 One sneaky plaintext byte is all it takes.\n\nExim\u2019s new \u201cDead.Letter\u201d (CVE-2026-45185) triggers when a client sends a TLS close_notify mid-BDAT, then slips in a final \\n.\n\nThat single write hits a freed TLS buffer \u2192 corrupts heap allocator metadata on GnuTLS builds (4.97\u20134.99.2).\n\nXBOW calls it one of the highest-caliber bugs they\u2019ve seen in Exim.\n\nPatch to 4.99.3 right now \ud83d\udc47 https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html", "creation_timestamp": "2026-05-13T18:26:18.000000Z"}, {"uuid": "5d69707d-ce58-4293-a870-c809c1338651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mlrqbzpha22s", "content": "The latest update for #CyCognito includes \"Emerging Threat: (CVE-2026-45185) Exim Remote Code Execution via BDAT over GnuTLS\" and \"The Force Awakens Your Attack Surface\".\n \n#cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-05-14T02:07:47.342865Z"}, {"uuid": "e336fcf5-2cc6-4502-9b73-156c6ab6fbb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "Telegram/4V1L8rm_ci8R4NTF3AvtHqkyJLl9nOzw6nvw-H3zHaDaYho", "content": "", "creation_timestamp": "2026-05-13T03:00:06.000000Z"}, {"uuid": "1b61565f-78ac-400e-98a4-da76e9375462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "Telegram/srnoXLl9bkLkDSlJ8bvIAqar10mxf59ENaUrLiAHevOuKig", "content": "", "creation_timestamp": "2026-05-12T23:00:14.000000Z"}, {"uuid": "cfdb8609-fc3e-4666-9653-283707cd4536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/xbow.com/post/3mmcexmjiou2r", "content": "In BleepingComputer, Bill Toulas covers XBOW\u2019s discovery of CVE-2026-45185, a critical unauthenticated Exim RCE, and the crucial role AI tools play in helping security researchers to understand unfamiliar code and investigate vulnerabilities faster. Read on: https://bit.ly/3Rg6MoM", "creation_timestamp": "2026-05-20T17:00:23.065199Z"}, {"uuid": "bf21a747-8e60-493d-88d5-aebc7b4c7f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://t.me/GithubRedTeam/84928", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Nuclei\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a POC_CVE-2026-45185\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a MJ-bin\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Dockerfile\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-20 05:48:04\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPOC_CVE-2026-45185 for nuclei-templates\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-20T07:42:21.000000Z"}, {"uuid": "09c1221a-869a-406f-847f-b99297b4da01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "published-proof-of-concept", "source": "Telegram/b_brEa1AM-wYrDizkOgnmuLPH6e_NEwnqckW9eUq5IhqBH8", "content": "", "creation_timestamp": "2026-05-19T19:00:09.000000Z"}, {"uuid": "4e162f43-ffd7-47b1-843f-e42c2fc5bbe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "published-proof-of-concept", "source": "Telegram/SM41ZgDjE5GCx8_K5BndOjKQZfdnq7khstyXQtIQ9aWd83s", "content": "", "creation_timestamp": "2026-05-19T21:00:04.000000Z"}, {"uuid": "8dd339d6-fc1c-4118-a7c1-0f6e6e1dea11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45185", "type": "seen", "source": "https://bsky.app/profile/xbow.com/post/3mmgyicyc3424", "content": "XBOW found CVE-2026-45185, reported it responsibly, then used the disclosure window to test a harder question:\n\nHow far can autonomous exploit development go against real-world native code?\n\nFull write-up here: https://bit.ly/42yKTmX", "creation_timestamp": "2026-05-22T13:00:23.300198Z"}]}