Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.
AnalysisAI
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to upload PGP keys with mismatched User IDs and email addresses, enabling spoofing and potential information disclosure by circumventing email authentication controls. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch. No public exploit code or active exploitation has been confirmed at the time of analysis.
Technical ContextAI
SEPPmail Secure Email Gateway is an email security appliance that manages PGP key infrastructure for encrypted communications. The vulnerability stems from insufficient input validation (CWE-20: Improper Input Validation) in the PGP key upload mechanism. The system fails to enforce consistency between a PGP key's User ID (UID) field and the actual email address associated with that key in the gateway's trust store. PGP UIDs are metadata fields within a key that typically identify the key owner; when these can be mismatched with registered email addresses, attackers can create keys that appear to belong to legitimate senders while actually being under attacker control. This undermines the core security model of PGP-based secure email by breaking the binding between identity assertion and cryptographic key ownership.
RemediationAI
Vendor-released patch: SEPPmail Secure Email Gateway version 15.0.3 or later. Organizations should immediately upgrade to version 15.0.3 to enforce proper validation of PGP key UIDs against registered email addresses. After patching, administrators should audit existing PGP keys in the gateway trust store to identify and remove any keys with mismatched UIDs or sender addresses; consult the vendor advisory at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503 for detailed upgrade and validation procedures. No workarounds are documented; patching is the primary mitigation.
More in Secure Email Gateway
View allSecure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove
Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e
Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers
Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t
SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte
Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18146
GHSA-g982-ffmg-jq3g