CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.
Analysis (AI)
Remote code execution in SEPPmail Secure Email Gateway versions before 15.0.4 allows unauthenticated attackers to execute arbitrary template expressions through a server-side template injection flaw in the GINA UI endpoint. The vulnerability requires no authentication and has low attack complexity, but depends on specific template plugin configurations (CVSS 4.0: 8.3 High with AT:P indicating present attack conditions). …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Successful exploitation requires the GINA UI component to be accessible to the attacker (typically via network/internet exposure of the administrative interface) AND specific template plugins must be enabled that permit dangerous operations beyond simple variable substitution. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector indicates network-accessible exploitation with low attack complexity and no authentication required (AV:N/AC:L/PR:N), but the AT:P (Attack Requirements: Present) metric signals that specific conditions must exist for successful exploitation, most likely the presence of vulnerable template plugins or specific GINA UI configurations. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies the SEPPmail GINA UI endpoint exposed to the internet and sends a crafted HTTP request containing malicious template expressions in parameters processed by the vulnerable template engine. If exploitation-enabling template plugins are present, the injected template code executes server-side with the privileges of the email gateway application, allowing the attacker to read sensitive email metadata, configuration files, or credentials from the system. … |
| Remediation | Upgrade to SEPPmail Secure Email Gateway version 15.0.4 or later, as documented in the vendor security advisory at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI)
Within 24 hours: identify all SEPPmail Secure Email Gateway instances and document current versions in use. …
EUVD-2026-28589
GHSA-wc7f-vvj8-28m9