Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
AnalysisAI
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security tags by exploiting Unicode lookalike characters, enabling email spoofing and phishing attacks that evade gateway security controls. This vulnerability affects all versions prior to 15.0.3, impacts organizations relying on SEPPmail for email security, and requires immediate patching. No public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability stems from insufficient input validation (CWE-20) in SEPPmail's subject line and security tag processing mechanisms. The root cause involves the gateway's failure to normalize or properly validate Unicode characters, allowing attackers to use visually similar Unicode lookalike characters (homoglyphs) to bypass sanitization filters designed to prevent subject line manipulation and forged security tags. Security tags are typically used by email gateways to indicate authentication status, encryption, or other security properties to end users; Unicode homoglyphs can make malicious content appear legitimate to human readers while technically satisfying the gateway's validation logic. The affected product is SEPPmail Secure Email Gateway, a message security and compliance appliance used for email filtering and policy enforcement.
RemediationAI
Vendor-released patch: upgrade SEPPmail Secure Email Gateway to version 15.0.3 or later. Organizations should apply this patch immediately, as the vulnerability enables trivial email spoofing attacks that directly undermine gateway security. Consult the official SEPPmail release notes at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503 for upgrade procedures and any interim mitigations. No workarounds to block Unicode homoglyph attacks are practical without patching the underlying validation logic; temporary compensating controls such as user awareness training about suspicious visual artifacts in subjects may provide minimal defense pending patch deployment.
More in Secure Email Gateway
View allSecure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove
Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e
Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers
Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur
SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte
Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endp
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18168
GHSA-vc5m-vgvg-698r