CVE-2020-28026
First published: Thu May 06 2021(Updated: )
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | >=4.00<4.94.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Exim vulnerability?
The vulnerability ID for this Exim vulnerability is CVE-2020-28026.
What is the severity of CVE-2020-28026?
The severity of CVE-2020-28026 is critical.
Which versions of Exim are affected by CVE-2020-28026?
Exim versions from 4.00 to 4.94.2 are affected by CVE-2020-28026.
What is the impact of CVE-2020-28026?
CVE-2020-28026 can allow unauthenticated remote attackers to execute arbitrary code.
Is there a fix available for CVE-2020-28026?
Yes, the fix for CVE-2020-28026 is included in Exim version 4.94.2.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/exim
- canonical/exim exim
- version/exim exim/4.00