Skip to main content

SEPPmail Secure Email Gateway CVE-2026-44128

| EUVDEUVD-2026-28588 CRITICAL
Eval Injection (CWE-95)
2026-05-08 NCSC.ch GHSA-qwq6-r6c6-68jr
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 08, 2026 - 14:33 EUVD
Analysis Generated
May 08, 2026 - 14:31 vuln.today
CVSS changed
May 08, 2026 - 14:22 NVD
9.3 (CRITICAL)
CVE Published
May 08, 2026 - 13:13 nvd
CRITICAL 9.3

DescriptionCVE.org

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

AnalysisAI

Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to execute arbitrary Perl code via the GINA UI. The vulnerability stems from an endpoint passing unsanitized user input directly to Perl's eval function, allowing complete system compromise. Reported by Switzerland's national CERT (NCSC.ch), this represents a critical pre-authentication attack surface requiring immediate patching.

Technical ContextAI

The vulnerability exploits Perl's eval function, which dynamically executes arbitrary code passed as strings. The new GINA UI (likely SEPPmail's Generation-Integrated Next Architecture interface) contains an endpoint that fails to sanitize attacker-controlled parameter input before passing it to eval. This is a textbook CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code) vulnerability. When untrusted data flows directly into eval without validation, attackers can inject malicious Perl commands that execute with the privileges of the web application process. This affects SEPPmail Secure Email Gateway (cpe:2.3:a:seppmail_ag:secure_email_gateway), an enterprise email security appliance handling message filtering, encryption, and threat detection for organizations.

RemediationAI

Upgrade to SEPPmail Secure Email Gateway version 15.0.2.1 or later immediately, as documented in the vendor's external release notes at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security. Given the unauthenticated remote code execution nature, this should be treated as an emergency patch cycle. If immediate patching is not feasible, implement network-level access restrictions to the GINA UI: restrict access to the vulnerable endpoint to trusted management networks only via firewall rules or reverse proxy controls, blocking all internet-facing access. Identify the specific GINA UI URL paths and apply allowlist-based access control. Monitor authentication logs and web server access logs for unusual POST/GET requests to GINA endpoints, particularly those containing Perl code patterns (system, exec, backticks, pipe operators). Note that access restrictions are temporary mitigations only and introduce operational overhead for legitimate remote administration - plan for rapid patch deployment within 24-48 hours of detection.

CVE-2024-9043 CRITICAL
9.8 Sep 20

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit

CVE-2024-20401 CRITICAL
9.8 Jul 17

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau

CVE-2024-6744 CRITICAL
9.8 Jul 15

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove

CVE-2026-44125 CRITICAL
9.3 May 08

Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers

CVE-2026-44127 HIGH
8.8 May 08

Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur

CVE-2026-29144 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t

CVE-2026-29143 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte

CVE-2026-29139 HIGH
7.8 Apr 02

Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi

CVE-2026-29141 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls

CVE-2026-29140 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME

CVE-2026-8811 HIGH
7.1 Jun 18

Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi

CVE-2026-7864 MEDIUM
6.9 May 08

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endp

Share

CVE-2026-44128 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy