Seppmail
CVE-2026-27442
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
AnalysisAI
Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unauthenticated remote attackers to access arbitrary files on the gateway through specially crafted encrypted email attachments. This path traversal vulnerability affects the confidentiality of sensitive data stored on affected systems. No patch is currently available.
Technical ContextAI
Classified as CWE-22 (Path Traversal). Affects Seppmail. The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.
Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to
Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.
SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME message headers, enabling attacker
SEPPmail Secure Email Gateway versions prior to 15.0.1 fail to properly isolate decrypted PGP message content from surro
SEPPmail Secure Email Gateway versions before 15.0.1 misinterpret email addresses in message headers, enabling attackers
SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulner
SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME certificates with whitespace chara
Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).
Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today