Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.

Published

2025-02-21T13:15:11.687

Last Modified

2025-09-25T13:12:00.833

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	exim	exim	< 4.98.1	Yes

References

https://bugzilla.suse.com/show_bug.cgi?id=1237424 Issue Tracking, Third Party Advisory ([email protected])
https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305 Patch ([email protected])
https://exim.org Product ([email protected])
https://github.com/Exim/exim/wiki/EximSecurity Vendor Advisory ([email protected])
https://github.com/NixOS/nixpkgs/pull/383926 Release Notes ([email protected])
https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d Patch ([email protected])
https://www.exim.org/static/doc/security/CVE-2025-26794.txt Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/02/19/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/02/21/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/02/21/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)