Skip to main content

Seppmail

10 CVEs product

Monthly

CVE-2026-2743 CRITICAL Act Now

Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to write arbitrary files via path traversal in the Large File Transfer (LFT) feature of the User Web Interface, leading to full system compromise. The flaw carries a maximum CVSS 4.0 score of 10.0 reflecting network-reachable, no-privilege exploitation with scope-changing impact, and was disclosed by InfoGuard Labs alongside CVE-2026-7864, CVE-2026-44127, and CVE-2026-44128. No public exploit identified at time of analysis and EPSS sits at 0.52% (67th percentile), so widespread automated abuse has not yet materialized despite the critical severity.

RCE Path Traversal Seppmail
NVD VulDB
CVSS 4.0
10.0
EPSS
0.5%
CVE-2026-2748 MEDIUM This Month

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME certificates with whitespace characters in email addresses, enabling attackers to forge digital signatures and impersonate legitimate senders. This integrity bypass affects organizations relying on SEPPmail for secure email validation and could undermine trust in digitally signed communications. No patch is currently available for affected installations.

Authentication Bypass Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2747 HIGH This Week

SEPPmail Secure Email Gateway versions prior to 15.0.1 fail to properly isolate decrypted PGP message content from surrounding plaintext, enabling attackers to access encrypted sensitive information over the network without authentication. This high-severity flaw affects organizations relying on SEPPmail for secure email handling and exposes confidential data despite encryption protections. No patch is currently available for this vulnerability.

Information Disclosure Seppmail
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2746 MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27445 MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27444 HIGH This Week

SEPPmail Secure Email Gateway versions before 15.0.1 misinterpret email addresses in message headers, enabling attackers to spoof sender identities or decrypt encrypted communications due to inconsistent header parsing with standard mail infrastructure. This unauthenticated network-based vulnerability affects all default installations with no available patch, presenting significant risk to organizations relying on the gateway for email security.

Information Disclosure Seppmail
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27443 HIGH This Week

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME message headers, enabling attackers to forge or manipulate email headers and bypass trust mechanisms without authentication. This allows adversaries to spoof trusted senders or inject malicious headers into encrypted messages, potentially facilitating phishing and social engineering attacks. No patch is currently available for affected installations.

Code Injection Seppmail
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27442 HIGH This Week

Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unauthenticated remote attackers to access arbitrary files on the gateway through specially crafted encrypted email attachments. This path traversal vulnerability affects the confidentiality of sensitive data stored on affected systems. No patch is currently available.

Path Traversal Seppmail
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27441 CRITICAL Act Now

Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.

Command Injection Seppmail
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-41871 MEDIUM This Month

SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Seppmail
NVD
CVSS 3.1
6.0
EPSS
1.0%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to write arbitrary files via path traversal in the Large File Transfer (LFT) feature of the User Web Interface, leading to full system compromise. The flaw carries a maximum CVSS 4.0 score of 10.0 reflecting network-reachable, no-privilege exploitation with scope-changing impact, and was disclosed by InfoGuard Labs alongside CVE-2026-7864, CVE-2026-44127, and CVE-2026-44128. No public exploit identified at time of analysis and EPSS sits at 0.52% (67th percentile), so widespread automated abuse has not yet materialized despite the critical severity.

RCE Path Traversal Seppmail
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME certificates with whitespace characters in email addresses, enabling attackers to forge digital signatures and impersonate legitimate senders. This integrity bypass affects organizations relying on SEPPmail for secure email validation and could undermine trust in digitally signed communications. No patch is currently available for affected installations.

Authentication Bypass Seppmail
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SEPPmail Secure Email Gateway versions prior to 15.0.1 fail to properly isolate decrypted PGP message content from surrounding plaintext, enabling attackers to access encrypted sensitive information over the network without authentication. This high-severity flaw affects organizations relying on SEPPmail for secure email handling and exposes confidential data despite encryption protections. No patch is currently available for this vulnerability.

Information Disclosure Seppmail
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).

Information Disclosure Seppmail
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SEPPmail Secure Email Gateway versions before 15.0.1 misinterpret email addresses in message headers, enabling attackers to spoof sender identities or decrypt encrypted communications due to inconsistent header parsing with standard mail infrastructure. This unauthenticated network-based vulnerability affects all default installations with no available patch, presenting significant risk to organizations relying on the gateway for email security.

Information Disclosure Seppmail
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME message headers, enabling attackers to forge or manipulate email headers and bypass trust mechanisms without authentication. This allows adversaries to spoof trusted senders or inject malicious headers into encrypted messages, potentially facilitating phishing and social engineering attacks. No patch is currently available for affected installations.

Code Injection Seppmail
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unauthenticated remote attackers to access arbitrary files on the gateway through specially crafted encrypted email attachments. This path traversal vulnerability affects the confidentiality of sensitive data stored on affected systems. No patch is currently available.

Path Traversal Seppmail
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.

Command Injection Seppmail
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Seppmail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy