Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
AnalysisAI
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls and forge authentication tags such as [signed OK], enabling email spoofing attacks that could deceive recipients into trusting fraudulent or malicious messages. The vulnerability affects all versions prior to 15.0.3 and has been publicly disclosed by NCSC.ch; no public exploit code or active exploitation has been independently confirmed at time of analysis.
Technical ContextAI
SEPPmail Secure Email Gateway is a mail security appliance that sanitizes email headers and applies trust indicators (such as [signed OK] tags) to inform recipients about message authentication status. The vulnerability stems from improper input validation (CWE-20: Improper Input Validation) in the subject line processing logic, allowing attackers to inject or manipulate these authentication tags. The affected product is identified by CPE cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*, indicating all versions of the gateway prior to patching are in scope. By forging authentication tags, attackers can circumvent the gateway's core function of providing recipients with reliable indicators of message legitimacy, breaking the trust chain that email security gateways are designed to establish.
RemediationAI
The primary remediation is to upgrade SEPPmail Secure Email Gateway to version 15.0.3 or later. Vendor-released patch: 15.0.3 (available per the Release Notes published at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503). Organizations should apply this update promptly to restore proper subject line sanitization and prevent tag forgery. Interim workarounds such as additional email filtering rules or user awareness training on suspicious authentication indicators may provide limited defense-in-depth during patch testing, but do not replace the patch. After patching, administrators should monitor email logs for evidence of past exploitation attempts and consider notifying users if suspected phishing campaigns exploiting this bypass have been detected.
More in Secure Email Gateway
View allSecure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove
Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e
Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers
Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t
SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte
Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endp
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18162
GHSA-239h-g863-fm9x