Skip to main content

Secure Email Gateway EUVDEUVD-2026-18152

| CVE-2026-29136 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-02 NCSC.ch
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
15.0.3
EUVD ID Assigned
Apr 02, 2026 - 09:00 euvd
EUVD-2026-18152
Analysis Generated
Apr 02, 2026 - 09:00 vuln.today
CVE Published
Apr 02, 2026 - 08:53 nvd
MEDIUM 5.3

DescriptionCVE.org

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.

AnalysisAI

SEPPmail Secure Email Gateway before version 15.0.3 allows unauthenticated attackers to inject arbitrary HTML into notification emails about new CA certificates, enabling stored cross-site scripting (XSS) attacks against email recipients. An attacker with the ability to trigger CA certificate notifications can craft malicious HTML payloads that execute when recipients view the notification email, potentially leading to credential theft, malware distribution, or further compromise of email infrastructure. No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

The vulnerability stems from insufficient input sanitization in the CA certificate notification email generation mechanism within SEPPmail Secure Email Gateway (CWE-79: Improper Neutralization of Input During Web Page Generation). The email notification system fails to properly encode or filter HTML special characters when composing messages about new certificate authority certificate updates, allowing an attacker to inject arbitrary HTML tags and JavaScript. This is a stored XSS vulnerability because the malicious payload persists in the notification email rather than being reflected in a single request. The affected product is the complete SEPPmail Secure Email Gateway application suite running on versions prior to 15.0.3, which handles email encryption, gateway functions, and certificate management across enterprise deployments.

RemediationAI

Vendor-released patch: SEPPmail Secure Email Gateway version 15.0.3 or later. Upgrade immediately to version 15.0.3 to remediate the HTML injection vulnerability in CA certificate notification emails. The fix addresses the input sanitization deficiency in the notification email generation process. For organizations unable to upgrade immediately, review access controls to the CA certificate management functions to limit who can trigger notifications, and educate email administrators not to click suspicious links or download content from CA certificate notification emails. Detailed patch information and upgrade instructions are available in the SEPPmail release notes at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503.

CVE-2024-9043 CRITICAL
9.8 Sep 20

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit

CVE-2024-20401 CRITICAL
9.8 Jul 17

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau

CVE-2024-6744 CRITICAL
9.8 Jul 15

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove

CVE-2026-44128 CRITICAL
9.3 May 08

Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e

CVE-2026-44125 CRITICAL
9.3 May 08

Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers

CVE-2026-44127 HIGH
8.8 May 08

Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur

CVE-2026-29144 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t

CVE-2026-29143 HIGH
7.8 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte

CVE-2026-29139 HIGH
7.8 Apr 02

Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi

CVE-2026-29141 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls

CVE-2026-29140 HIGH
7.7 Apr 02

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME

CVE-2026-8811 HIGH
7.1 Jun 18

Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi

Share

EUVD-2026-18152 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy