Skip to main content

SEPPmail Secure Email Gateway CVE-2026-7864

| EUVD-2026-28590 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-05-08 NCSC.ch GHSA-987g-rmgr-mpfx
Information Disclosure
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 08, 2026 - 14:33 EUVD
Analysis Generated
May 08, 2026 - 14:30 vuln.today
CVSS changed
May 08, 2026 - 14:22 NVD
6.9 (MEDIUM)
CVE Published
May 08, 2026 - 13:12 nvd
MEDIUM 6.9

DescriptionNVD

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

AnalysisAI

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the GINA UI, allowing remote attackers to retrieve sensitive system information including configuration details, internal paths, and potentially credentials. The vulnerability requires only network access to the affected endpoint with no authentication, authentication complexity, or user interaction; it is classified as an information disclosure flaw with limited confidentiality impact (CVSS 6.9).

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7864 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy