Which versions of SEPPmail Secure Email Gateway are affected by EUVD-2026-28588?

SEPPmail Secure Email Gateway versions before 15.0.2.1 contain a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands through the GINA UI,…. A patch is available.

SEPPmail Secure Email Gateway EUVD-2026-28588

Q: What is the CVSS score of EUVD-2026-28588?

EUVD-2026-28588 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

| CVE-2026-44128 CRITICAL

Eval Injection (CWE-95)

2026-05-08 NCSC.ch

GHSA-qwq6-r6c6-68jr

RCE Code Injection

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 08, 2026 - 14:33 EUVD

Analysis Generated

May 08, 2026 - 14:31 vuln.today

CVSS changed

May 08, 2026 - 14:22 NVD

9.3 (CRITICAL)

CVE Published

May 08, 2026 - 13:13 nvd

CRITICAL 9.3

DescriptionNVD

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

AnalysisAI

Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to execute arbitrary Perl code via the GINA UI. The vulnerability stems from an endpoint passing unsanitized user input directly to Perl's eval function, allowing complete system compromise. …

RemediationAI

Within 24 hours: Identify all SEPPmail deployments and their current versions via asset inventory; isolate or air-gap systems running versions prior to 15.0.2.1 from untrusted networks if possible. Within 7 days: Upgrade all affected instances to version 15.0.2.1 or later per SEPPmail vendor guidance; validate upgrades in non-production environment first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28588 vulnerability details – vuln.today

Back

SEPPmail Secure Email Gateway EUVD-2026-28588

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

SEPPmail Secure Email Gateway EUVD-2026-28588

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code