cbcvebase.

Seppmail Secure Email Gateway vulnerabilities

22 known vulnerabilities affecting seppmail/secure_email_gateway.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH9MEDIUM9

Vulnerabilities

Page 1 of 2
CVE-2026-27441P2CRITICALCVSS 9.8fixed in 15.0.12026-03-04
CVE-2026-27441 [CRITICAL] CWE-78 CVE-2026-27441: SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption pa SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
nvd
CVE-2026-29139P3CRITICALCVSS 9.8fixed in 15.0.32026-04-02
CVE-2026-29139 [CRITICAL] CWE-288 CVE-2026-29139: SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.
nvd
CVE-2026-29143P3CRITICALCVSS 9.1fixed in 15.0.32026-04-02
CVE-2026-29143 [CRITICAL] CWE-20 CVE-2026-29143: SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
nvd
CVE-2026-29133P3CRITICALCVSS 9.1fixed in 15.0.32026-04-02
CVE-2026-29133 [CRITICAL] CWE-20 CVE-2026-29133: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.
nvd
CVE-2026-27442P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27442 [HIGH] CWE-22 CVE-2026-27442: The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly chec The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
nvd
CVE-2026-29132P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29132 [HIGH] CWE-306 CVE-2026-29132: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GIN SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.
nvd
CVE-2026-29135P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29135 [HIGH] CWE-20 CVE-2026-29135: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.
nvd
CVE-2026-29134P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29134 [HIGH] CWE-807 CVE-2026-29134: SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions.
nvd
CVE-2026-27443P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27443 [HIGH] CWE-20 CVE-2026-27443: SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MI SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
nvd
CVE-2026-29131P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29131 [HIGH] CWE-90 CVE-2026-29131: SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.
nvd
CVE-2026-2747P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-2747 [HIGH] CWE-200 CVE-2026-2747: SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating t SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
nvd
CVE-2026-29138P3HIGHCVSS 7.5fixed in 15.0.32026-04-02
CVE-2026-29138 [HIGH] CWE-90 CVE-2026-29138: SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.
nvd
CVE-2026-27444P3HIGHCVSS 7.5fixed in 15.0.12026-03-04
CVE-2026-27444 [HIGH] CWE-436 CVE-2026-27444: SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the em SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.
nvd
CVE-2026-29141P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29141 [MEDIUM] CWE-20 CVE-2026-29141: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
nvd
CVE-2026-29144P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29144 [MEDIUM] CWE-20 CVE-2026-29144: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
nvd
CVE-2026-29136P4MEDIUMCVSS 6.1fixed in 15.0.32026-04-02
CVE-2026-29136 [MEDIUM] CWE-79 CVE-2026-29136: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notificat SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
nvd
CVE-2026-29137P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29137 [MEDIUM] CWE-20 CVE-2026-29137: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from us SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
nvd
CVE-2026-29142P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29142 [MEDIUM] CWE-325 CVE-2026-29142: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted ema SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
nvd
CVE-2026-29140P4MEDIUMCVSS 5.3fixed in 15.0.32026-04-02
CVE-2026-29140 [MEDIUM] CWE-295 CVE-2026-29140: SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.
nvd
CVE-2026-2746P4MEDIUMCVSS 5.3fixed in 15.0.12026-03-04
CVE-2026-2746 [MEDIUM] CWE-347 CVE-2026-2746: SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature veri SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
nvd
Seppmail Secure Email Gateway vulnerabilities | cvebase