
    cve-2026-45185-dead-letter

    by Liam Romanis

    Detect and remediate CVE-2026-45185 "Dead.Letter" RCE vulnerabilities in Exim mail servers.

    Updated Jun 2026
    Security scanned


    Included in download

    • Audit Exim server for Dead.Letter RCE vulnerabilities.
    • Verify if Exim is linked against vulnerable GnuTLS libraries.
    • terminal, file_read automation included
    • Instant install

    Sample input

    Check if my Exim mail server is vulnerable to the Dead.Letter exploit and show me how to fix it if it is.

    Sample output

    [!] VULNERABLE: Exim v4.98 detected with GnuTLS.
    Check 1: Exim present [OK]
    Check 2: Version 4.98 [VULNERABLE]
    Check 3: Linked to GnuTLS [VULNERABLE]
    Check 4: CHUNKING enabled [VULNERABLE]

    Remediation: Upgrade to Exim 4.99.3 or set 'chunking_advertise_hosts =' to disable BDAT.

    About This Skill

    What it does

    This skill provides a specialized security audit for CVE-2026-45185 (Dead.Letter), a high-severity use-after-free vulnerability affecting Exim mail servers. It performs a comprehensive, read-only analysis of your system to determine if the local Exim installation is susceptible to remote code execution (RCE).

    How it works

    The skill executes a multi-point inspection of the host environment, checking:

    • Binary Versions: Targets Exim 4.97 through 4.99.2.
    • Library Linkage: Specifically detects GnuTLS builds, as OpenSSL-linked versions are unaffected.
    • Configuration State: Audits BDAT/CHUNKING settings to see if the vulnerable path is exposed.
    • System Mitigations: Evaluates ASLR levels and systemd hardening like MemoryDenyWriteExecute.
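
The version, library and configuration checks listed above can be combined as in the following added example, which is not the skill's own code. It assumes the text of `exim -bV` and `exim -bP chunking_advertise_hosts` has already been captured; the sample outputs and the mapping of checks to verdicts are constructed for illustration.

```python
import re

# Affected range as stated on this page: Exim 4.97 through 4.99.2.
AFFECTED_MIN, AFFECTED_MAX = (4, 97), (4, 99, 2)

def parse_version(bv_text):
    """Version tuple from `exim -bV` text, or None if no version line is found."""
    m = re.search(r"^Exim version (\d+(?:\.\d+)+)", bv_text, re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def links_gnutls(bv_text):
    """True/False from the 'Support for:' feature line, None if that line is missing."""
    m = re.search(r"^Support for:(.*)$", bv_text, re.M)
    return None if m is None else "GnuTLS" in m.group(1).split()

def chunking_advertised(bp_text):
    """True if chunking_advertise_hosts is non-empty, None if the option is unreadable.
    Any non-empty host list counts as advertised (errs on the side of reporting)."""
    m = re.search(r"^chunking_advertise_hosts\s*=(.*)$", bp_text, re.M)
    return None if m is None else bool(m.group(1).strip())

def verdict(bv_text, bp_text):
    """Combine the three checks; the order and mapping are this example's assumption."""
    version = parse_version(bv_text)
    if version is None:
        return "INCONCLUSIVE"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "NOT VULNERABLE"
    gnutls = links_gnutls(bv_text)
    if gnutls is False:
        return "NOT VULNERABLE"        # page: only GnuTLS builds are affected
    chunking = chunking_advertised(bp_text)
    if chunking is False:
        return "NOT VULNERABLE"        # page's workaround: empty chunking_advertise_hosts
    if gnutls is None or chunking is None:
        return "INCONCLUSIVE"
    return "VULNERABLE"

# Constructed sample outputs (not captured from a real host).
SAMPLE_BV = ("Exim version 4.98 #2 built 01-Jan-2026 00:00:00\n"
             "Support for: crypteq IPv6 GnuTLS DKIM DNSSEC PRDR\n")
SAMPLE_BP = "chunking_advertise_hosts = *\n"

if __name__ == "__main__":
    print(verdict(SAMPLE_BV, SAMPLE_BP))
```

A distribution package can carry a backported fix under an unchanged upstream version string, so a VULNERABLE result from the version comparison should be checked against the vendor's advisory.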

    Why use this skill

    Manually checking for "Dead.Letter" is error-prone because version numbers alone don't tell the whole story—vulnerability depends on the specific TLS library and configuration. This skill automates the detection logic, providing a definitive VULNERABLE, NOT VULNERABLE, or INCONCLUSIVE verdict with actionable remediation steps.

    Supported Environments

    Compatible with standard Linux mail server deployments (Ubuntu, Debian, RHEL) and containerized Exim instances. It requires no root privileges and makes no modifications to the system.

    Use Cases

    • Audit Exim server for Dead.Letter RCE vulnerabilities.
    • Verify if Exim is linked against vulnerable GnuTLS libraries.
    • Implement a CI/CD security gate to prevent deploying vulnerable mail configs.
    • Harden Exim systemd services with memory protection mitigations.

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Read Files

    File Scopes

    • /proc/sys/kernel/randomize_va_space
    • /etc/exim4/**
    • /etc/exim/**
    • /usr/local/etc/exim/**
    • /usr/sbin/exim
    • /usr/sbin/exim4
    • /usr/local/sbin/exim

    The script reads these locations to determine whether the system is vulnerable to CVE-2026-45185 (Dead.Letter).
