CVE-2019-10149

ENISA EUVD: EUVD-2019-2187 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 4 articles Published: 2019-06-05
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
93.92%
probability
This CVE has a 93.92% probability of being exploited in the next 30 days.
0% Top 99.9th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)
9
CRITICAL
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2 (legacy)

10.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Affected Products

exim
exim
4.92

Exploits & PoC

bananaphones/exim-rce-quickfix

quick fix for CVE-2019-10149, works on Debian\Ubuntu\Centos

22 2019-06-14
Diefunction/CVE-2019-10149

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in

19 2021-06-04
cowbe0x004/eximrce-CVE-2019-10149

simple python socket connection to test if exim is vulnerable to CVE-2019-10149. The payload simply touch a file in /tmp/eximrce.

14 2019-07-08
MNEMO-CERT/PoC--CVE-2019-10149_Exim

PoC for CVE-2019-10149, this vulnerability could be xploited betwen 4-87 to 4.91 version of Exim server.

14 2019-06-18
AzizMea/CVE-2019-10149-privilege-escalation

CVE-2019-10149 privilege escalation

9 2019-06-27
darsigovrustam/CVE-2019-10149

Instructions for installing a vulnerable version of Exim and its expluatation

5 2023-04-09
Chris-dev1/exim.exp

CVE-2019-10149

4 2019-09-05
Brets0150/StickyExim

Exim Honey Pot for CVE-2019-10149 exploit attempts.

3 2019-08-06
cloudflare/exim-cve-2019-10149-data

Data Collection Related to Exim CVE-2019-10149

3 2026-04-23
Stick-U235/CVE-2019-10149-Exploit

Exploit for CVE-2019-10149

2 2021-07-29
aishee/CVE-2019-10149-quick

Simple Bash shell quick fix CVE-2019-10149

1 2019-06-14
uyerr/PoC_CVE-2019-10149--rce

Remote Command Execution into shell from a vulnerable exim service.

1 2024-11-24
Dilshan-Eranda/CVE-2019-10149

SNP Assignment on a Linux vulnerability

0 2020-05-12
rahmadsandy/EXIM-4.87-CVE-2019-10149
0 2023-03-07
hyim0810/CVE-2019-10149

CVE-2019-10149

0 2023-10-25
qlusec/CVE-2019-10149

test POC for CVE-2019-10149

0 2024-09-06
VoyagerOnne/Exim-CVE-2019-10149

PoC for exploitation of vulnerability CVE-2019-10149

0 2025-04-11
CybersRMUTL/CVE-2019-10149-Exim4-RCE
0 2026-01-21
Ambrella-Security/CVE-2019-10149

Vulnerability Research and Exploit for CVE-2019-10149

0 2026-05-07
19 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 93.92%
CVSS v3.0 9
Mentions 4
Last Seen Sep 29, 2023

CNA Information

CNA Assigner
redhat

Analyst Note

CVE-2019-10149 is an Exim RCE vulnerability explicitly described as a zero-day with active in-the-wild exploitation. Multiple authoritative sources (TheHackerNews, BleepingComputer, Qualys) confirm exploitation occurred coincident with vendor patch release in 2019. Qualys's discovery report states the vulnerability was 'currently being actively attacked in the wild' at disclosure time.

Threat Actors 4

Turla Group
apt_group Information theft and espionage Russian Federation
Kinsing
apt_group 🇷🇺 RU
ELECTRUM
apt_group Information theft and espionage 🇷🇺 RU
TeamTNT
apt_group 🇩🇪 DE

Triage Info

Decided atMar 20, 2026
Published DateJun 05, 2019