SEPPmail AG Secure Email Gateway vulnerabilities
7 known vulnerabilities affecting seppmail_ag/secure_email_gateway.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2026-44127 [HIGH] P2, CVSS 8.8, CWE-73, fixed in 15.0.4, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
nvd
CVE-2026-44128 [CRITICAL] P2, CVSS 9.3, CWE-95, fixed in 15.0.2.1, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.
nvd
CVE-2026-44125 [CRITICAL] P2, CVSS 9.3, CWE-862, fixed in 15.0.4, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
nvd
CVE-2026-44126 [CRITICAL] P2, CVSS 9.2, CWE-502, fixed in 15.0.4, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.
nvd
CVE-2026-44129 [HIGH] P2, CVSS 8.3, CWE-1336, fixed in 15.0.4, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.
nvd
CVE-2026-7864 [MEDIUM] P3, CVSS 6.9, CWE-497, fixed in 15.0.4, 2026-05-08
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.
nvd
CVE-2026-8811 [HIGH] P3, CVSS 7.1, CWE-22, fixed in 15.0.5, 2026-06-18
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.
nvd