Skip to main content

Secure Email Gateway CVE-2026-29137

| EUVDEUVD-2026-18154 MEDIUM
Improper Input Validation (CWE-20)
2026-04-02 NCSC.ch
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
15.0.3
EUVD ID Assigned
Apr 02, 2026 - 09:00 euvd
EUVD-2026-18154
Analysis Generated
Apr 02, 2026 - 09:00 vuln.today
CVE Published
Apr 02, 2026 - 08:42 nvd
MEDIUM 5.3

DescriptionCVE.org

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.

AnalysisAI

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to conceal security tags from end users by submitting emails with excessively long subject lines, enabling potential phishing and message spoofing attacks by bypassing visual security indicators. The vulnerability affects all versions prior to 15.0.3 across the product line and has been reported by Switzerland's National Cyber Security Centre (NCSC.ch). No active exploitation has been confirmed, and no public exploit code is currently available.

Technical ContextAI

SEPPmail Secure Email Gateway is an email security appliance that applies cryptographic signatures and security tags to classify messages (legitimate, phishing risk, etc.) for end-user awareness. The vulnerability stems from improper input validation (CWE-20: Improper Input Validation) in the subject line processing logic. When a subject line exceeds a certain length threshold, the gateway's tag-rendering engine fails to properly display or apply security tags to the message presentation layer. This allows an attacker to craft emails with intentionally long subjects that cause the security tag display mechanism to be bypassed or truncated, leaving recipients without visual indicators of message authenticity or risk classification. The issue is not a cryptographic weakness but a user interface bypass in the email client rendering layer.

RemediationAI

Vendor-released patch: SEPPmail Secure Email Gateway version 15.0.3 and later. Organizations running SEPPmail should upgrade immediately to version 15.0.3 or higher. No workarounds for this vulnerability are documented; patching is the primary mitigation. For detailed upgrade procedures and release notes, refer to the vendor's release notes at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503. Administrators should verify successful deployment of the patched version and confirm that security tag rendering is functioning correctly on representative test emails.

CVE-2024-9043 CRITICAL
9.8 Sep 20

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit

CVE-2024-20401 CRITICAL
9.8 Jul 17

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau

CVE-2024-6744 CRITICAL
9.8 Jul 15

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove

CVE-2026-44128 CRITICAL
9.3 May 08

Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e

CVE-2026-44125 CRITICAL
9.3 May 08

Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers

CVE-2026-44127 HIGH
8.8 May 08

Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur

CVE-2026-29144 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t

CVE-2026-29143 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte

CVE-2026-29139 HIGH
7.8 Apr 02

Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi

CVE-2026-29141 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls

CVE-2026-29140 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME

CVE-2026-8811 HIGH
7.1 Jun 18

Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi

Share

CVE-2026-29137 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy