CVE-2026-27444
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2Description
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.
Analysis
SEPPmail Secure Email Gateway versions before 15.0.1 misinterpret email addresses in message headers, enabling attackers to spoof sender identities or decrypt encrypted communications due to inconsistent header parsing with standard mail infrastructure. This unauthenticated network-based vulnerability affects all default installations with no available patch, presenting significant risk to organizations relying on the gateway for email security.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all SEPPmail Secure Email Gateway deployments and their versions; notify security and email operations teams; assess current version against 15.0.1 threshold. Within 7 days: Implement compensating controls (see below); document all affected systems; establish daily monitoring for suspicious email authentication anomalies. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today