Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.
AnalysisAI
Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to execute arbitrary Perl code via the GINA UI. The vulnerability stems from an endpoint passing unsanitized user input directly to Perl's eval function, allowing complete system compromise. Reported by Switzerland's national CERT (NCSC.ch), this represents a critical pre-authentication attack surface requiring immediate patching.
Technical ContextAI
The vulnerability exploits Perl's eval function, which dynamically executes arbitrary code passed as strings. The new GINA UI (likely SEPPmail's Generation-Integrated Next Architecture interface) contains an endpoint that fails to sanitize attacker-controlled parameter input before passing it to eval. This is a textbook CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code) vulnerability. When untrusted data flows directly into eval without validation, attackers can inject malicious Perl commands that execute with the privileges of the web application process. This affects SEPPmail Secure Email Gateway (cpe:2.3:a:seppmail_ag:secure_email_gateway), an enterprise email security appliance handling message filtering, encryption, and threat detection for organizations.
RemediationAI
Upgrade to SEPPmail Secure Email Gateway version 15.0.2.1 or later immediately, as documented in the vendor's external release notes at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security. Given the unauthenticated remote code execution nature, this should be treated as an emergency patch cycle. If immediate patching is not feasible, implement network-level access restrictions to the GINA UI: restrict access to the vulnerable endpoint to trusted management networks only via firewall rules or reverse proxy controls, blocking all internet-facing access. Identify the specific GINA UI URL paths and apply allowlist-based access control. Monitor authentication logs and web server access logs for unusual POST/GET requests to GINA endpoints, particularly those containing Perl code patterns (system, exec, backticks, pipe operators). Note that access restrictions are temporary mitigations only and introduce operational overhead for legitimate remote administration - plan for rapid patch deployment within 24-48 hours of detection.
More in Secure Email Gateway
View allSecure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove
Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers
Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t
SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypte
Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endp
Same weakness CWE-95 – Eval Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28588
GHSA-qwq6-r6c6-68jr