May 12, 2026
Mail server meltdown, comment section chaos
Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim
A tiny bug sparked big panic, snark, and a fresh round of “not Exim again”
TLDR: XBOW found a dangerous Exim mail-server flaw that could let outsiders seize control, then turned the fix window into a humans-vs-AI exploit race. Commenters mostly responded with snark, rollout confusion, and weary “not this again” energy, with side-eye aimed at both Exim and GNU tooling.
Security researchers at XBOW dropped a seriously scary finding: a flaw in Exim, a widely used mail server, that could let strangers take over a machine from afar with no login needed. Even spicier, they used the disclosure period to stage a humans vs. AI showdown, testing whether a seasoned exploit writer or an autonomous large language model could get farther, faster. That alone was enough to light up the comments, but the crowd quickly turned the whole thing into a mix of dread, eye-rolling, and gallows humor.
The strongest vibe? Exasperation. One commenter basically summed up the room with, “Ok now do postfix,” turning a major security report into a deadpan sequel request. Others were less amused by the article’s dramatic prose than by the bug itself, with one reader instantly recoiling at the “this is a story” intro: “Gag.” And then there was the classic blame game. Because the issue shows up when Exim is using GnuTLS, one commenter pulled out the old “GNU and security problems” trope and acted like this was the least shocking twist imaginable.
Meanwhile, the practical crowd was annoyed for a totally different reason: the release process sounded messy. One person complained that security notices were landing without matching details, which made the supposedly coordinated rollout feel anything but coordinated. Add in commenters linking older Exim disasters from 2023 and 2020, and the mood became clear: part panic, part meme, part “here we go again.”
Key Points
- XBOW disclosed CVE-2026-45185 as a critical unauthenticated remote code execution vulnerability in Exim.
- The bug is a use-after-free in Exim's TLS handling path when connections use GnuTLS.
- During TLS shutdown, a nested BDAT receive wrapper can still process input and call `ungetc()`, writing a newline into freed memory.
- The article says this one-byte write corrupts Exim allocator metadata and can be developed into a full remote code execution exploit.
- The technical walkthrough uses Exim 4.97 as shipped by default in Debian-based distributions, including Ubuntu 24.04 LTS, and begins from the STARTTLS handling path in `src/smtp_in.c`.