Skip to main content

SEPPmail EUVDEUVD-2026-45174

| CVE-2026-9592 HIGH
Use of GET Request Method With Sensitive Query Strings (CWE-598)
2026-07-17 NCSC.ch GHSA-2rg6-hxw2-6rh8
7.5
CVSS 4.0 · Vendor: NCSC.ch
Share

Severity by source

Vendor (NCSC.ch) PRIMARY
7.5 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Token disclosure is exploitable by an on-path/adjacent attacker (AV:A) with no auth or interaction (PR:N/UI:N); session hijack yields high confidentiality and integrity impact, no availability effect (A:N).

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (NCSC.ch).

CVSS VectorVendor: NCSC.ch

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 14:30 vuln.today
CVE Published
Jul 17, 2026 - 13:51 cve.org
HIGH 7.5

DescriptionCVE.org

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header.

AnalysisAI

Session hijacking in SEPPmail Secure Email Gateway and SEPPmail Cloud before 15.0.4.2 lets an attacker who can observe traffic replay a victim's GINA web portal session because the session token is exposed both in the URL and in an HTTP header. Because the token travels in the request URL, it can leak into proxy logs, browser history, and Referer headers, enabling account takeover of the secure-message portal. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent-network or proxy/log position
Delivery
Observe GINA URL and HTTP header
Exploit
Extract disclosed session token
Execution
Replay token to GINA portal
Impact
Hijack authenticated user session

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to use the GINA web portal of a SEPPmail deployment older than 15.0.4.2, and the attacker to be able to observe the session token that the portal places in the request URL and an HTTP header - via the adjacent network (AV:A), an on-path proxy, a shared web/proxy access log, or a leaked Referer header. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H) rates this 7.5 High, but the Adjacent (AV:A) attack vector is the key limiter: an attacker must be positioned in the traffic path - same network segment, an intermediary proxy, or a system that receives leaked Referer/log data - rather than exploiting it directly across the open internet. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same network segment as a GINA user, or with access to an intermediary proxy or web-server log, captures the session token embedded in the portal URL or HTTP header. They replay that token to hijack the victim's authenticated GINA session and read the victim's encrypted messages or act as the victim. …
Remediation Vendor-released patch: upgrade to SEPPmail 15.0.4.2 or later, which per the release notes removes the login redirect that disclosed the session token; SEPPmail Cloud tenants are updated by the vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit your infrastructure to identify all SEPPmail deployments and confirm whether any instances run versions prior to 15.0.4.2; isolate affected systems from the network perimeter if feasible and document findings. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-45174 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy