Which versions of SEPPmail Secure Email Gateway are affected by EUVD-2026-28587?

CVE-2026-44127 affects SEPPmail Secure Email Gateway versions before 15.0.4, allowing unauthenticated remote attackers to read arbitrary files and delete targeted files through a path traversal flaw…. A patch is available.

SEPPmail Secure Email Gateway EUVD-2026-28587

Q: What is the CVSS score of EUVD-2026-28587?

EUVD-2026-28587 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-44127 HIGH

External Control of File Name or Path (CWE-73)

2026-05-08 NCSC.ch

GHSA-gh4w-5vrf-hhcg

Path Traversal

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 08, 2026 - 14:33 EUVD

Analysis Generated

May 08, 2026 - 14:30 vuln.today

CVSS changed

May 08, 2026 - 14:22 NVD

8.8 (HIGH)

CVE Published

May 08, 2026 - 13:13 nvd

HIGH 8.8

DescriptionNVD

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

AnalysisAI

Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secure Email Gateway versions before 15.0.4 through path traversal in the /api.app/attachment/preview endpoint. The vulnerability allows exploitation without authentication or user interaction (CVSS:4.0 AV:N/AC:L/PR:N/UI:N), enabling attackers to exfiltrate sensitive configuration files, credentials, or email data, and selectively delete files with api.app process privileges. …

RemediationAI

Within 24 hours: Identify all SEPPmail Secure Email Gateway appliances in your environment and document current versions; isolate or restrict network access to the /api.app/attachment/preview endpoint if immediate patching is not feasible. Within 7 days: Upgrade all affected instances to SEPPmail version 15.0.4 or later; verify patch deployment across all gateways. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28587 vulnerability details – vuln.today

Back

SEPPmail Secure Email Gateway EUVD-2026-28587

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

SEPPmail Secure Email Gateway EUVD-2026-28587

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code