Cve 2026 45185 Dead Letter

Detect and remediate CVE-2026-45185 "Dead.Letter" RCE vulnerabilities in Exim mail servers.

Install
cmdop skills install agensi-cve-2026-45185-dead-letter

What it does

This skill provides a specialized security audit for CVE-2026-45185 (Dead.Letter), a high-severity use-after-free vulnerability affecting Exim mail servers. It performs a comprehensive, read-only analysis of your system to determine if the local Exim installation is susceptible to remote code execution (RCE).

How it works

The skill executes a multi-point inspection of the host environment, checking:

  • Binary Versions: Targets Exim 4.97 through 4.99.2.
  • Library Linkage: Specifically detects GnuTLS builds, as OpenSSL-linked versions are unaffected.
  • Configuration State: Audits BDAT/CHUNKING settings to see if the vulnerable path is exposed.
  • System Mitigations: Evaluates ASLR levels and systemd hardening like MemoryDenyWriteExecute.

Why use this skill

Manually checking for "Dead.Letter" is error-prone because version numbers alone don't tell the whole story—vulnerability depends on the specific TLS library and configuration. This skill automates the detection logic, providing a definitive VULNERABLE, NOT VULNERABLE, or INCONCLUSIVE verdict with actionable remediation steps.

Supported Environments

Compatible with standard Linux mail server deployments (Ubuntu, Debian, RHEL) and containerized Exim instances. It requires no root privileges and makes no modifications to the system.