Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks
ID: dba719a8-b9e1-5880-92bd-4cc8dbc6ea1d
STIX ID: report--dba719a8-b9e1-5880-92bd-4cc8dbc6ea1d
Feed Name: The Cyber Express
**Executive Summary:** CVE-2026-45185 (aka "Dead.Letter") is a critical remote use-after-free vulnerability in Exim's BDAT (SMTP CHUNKING) processing when Exim is compiled with GnuTLS. A TLS close_notify during an active BDAT transfer, followed by additional cleartext data, can cause memory corruption and potentially lead to code execution. The flaw affects Exim 4.97 through 4.99.2 (GnuTLS builds) and is resolved in Exim 4.99.3. Administrators are advised to upgrade immediately, as no other mitigations are provided.
