CVE-2018-6789 — Exim Exim

known ransomware use

Exim Buffer Overflow Vulnerability

Added to KEV

2021-11-03

Federal due date

2022-05-03

Vendor

Exim

Product

Exim

EPSS

99.4th percentile (score 0.866, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2018-6789

CISA short description

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.