Seppmail Secure Email Gateway vulnerabilities
22 known vulnerabilities affecting seppmail/secure_email_gateway.
Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH9MEDIUM9
Vulnerabilities
Page 1 of 2
CVE-2026-27441P2CRITICALCVSS 9.8fixed in 15.0.12026-03-04
CVE-2026-27441 [CRITICAL] CWE-78 CVE-2026-27441: SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption pa
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
nvd
CVE-2026-29139P3CRITICALCVSS 9.8fixed in 15.0.32026-04-02
CVE-2026-29139 [CRITICAL] CWE-288 CVE-2026-29139: SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.
nvd
CVE-2026-29143P3CRITICALCVSS 9.1fixed in 15.0.32026-04-02
CVE-2026-29143 [CRITICAL] CWE-20 CVE-2026-29143: SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
nvd
CVE-2026-29133P3CRITICALCVSS 9.1fixed in 15.0.32026-04-02
CVE-2026-29133 [CRITICAL] CWE-20 CVE-2026-29133: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.
nvd
CVE-2026-27442P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27442 [HIGH] CWE-22 CVE-2026-27442: The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly chec
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
nvd
CVE-2026-29132P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29132 [HIGH] CWE-306 CVE-2026-29132: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GIN
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.
nvd
CVE-2026-29135P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29135 [HIGH] CWE-20 CVE-2026-29135: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.
nvd
CVE-2026-29134P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29134 [HIGH] CWE-807 CVE-2026-29134: SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions.
nvd
CVE-2026-27443P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27443 [HIGH] CWE-20 CVE-2026-27443: SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MI
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
nvd
CVE-2026-29131P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29131 [HIGH] CWE-90 CVE-2026-29131: SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.
nvd
CVE-2026-2747P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-2747 [HIGH] CWE-200 CVE-2026-2747: SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating t
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
nvd
CVE-2026-29138P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29138 [HIGH] CWE-90 CVE-2026-29138: SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.
nvd
CVE-2026-27444P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27444 [HIGH] CWE-436 CVE-2026-27444: SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the em
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.
nvd
CVE-2026-29141P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29141 [MEDIUM] CWE-20 CVE-2026-29141: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
nvd
CVE-2026-29144P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29144 [MEDIUM] CWE-20 CVE-2026-29144: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
nvd
CVE-2026-29136P4MEDIUMCVSS 6.1fixed in 15.0.32026-04-02
CVE-2026-29136 [MEDIUM] CWE-79 CVE-2026-29136: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notificat
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
nvd
CVE-2026-29137P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29137 [MEDIUM] CWE-20 CVE-2026-29137: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from us
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
nvd
CVE-2026-29142P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29142 [MEDIUM] CWE-325 CVE-2026-29142: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted ema
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
nvd
CVE-2026-29140P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29140 [MEDIUM] CWE-295 CVE-2026-29140: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.
nvd
CVE-2026-2746P4MEDIUMCVSS 5.3fixed in 15.0.12026-03-04
CVE-2026-2746 [MEDIUM] CWE-347 CVE-2026-2746: SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature veri
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
nvd
1 / 2Next →