A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities. Some of these can be chained together to achieve unauthenticated remote code execution on the Exim server. All of them have been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible. The software is free, is bundled with most Unix-like systems, and comes pre-installed on several Linux distributions. Last year, the NSA warned that the Sandworm APT was exploiting an Exim vulnerability.
Source: https://www.helpnetsecurity.com/2021/05/05/21-exim-vulnerabilities/

