SEPPMail Secure E-Mail Gateway critical multi-CVE flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
SEPPMail Secure E-Mail Gateway was disclosed with multiple critical vulnerabilities that can lead to remote code execution, arbitrary file read/write, and access to mail traffic on the appliance. The flaws include CVE-2026-2743, CVE-2026-44126, CVE-2026-44127, and CVE-2026-44128, spanning path traversal, deserialization, auth bypass, and eval injection issues. Several weaknesses affect the User Web Interface and the new GINA UI, making exposed gateways a high-risk target. Fixes were released in 15.0.2.1, 15.0.3, and 15.0.4.
Timeline
-
19.05.2026 12:23 2 articles · 8d ago
SEPPMail Secure E-Mail Gateway vulnerabilities disclosed
Initial DisclosureInfoGuard Labs disclosed multiple critical vulnerabilities in SEPPMail Secure E-Mail Gateway, including CVE-2026-2743, CVE-2026-7864, CVE-2026-44125, CVE-2026-44126, CVE-2026-44127, CVE-2026-44128, and CVE-2026-44129. The weaknesses span path traversal, sensitive information exposure, missing authorization checks, deserialization of untrusted data, eval injection, and template injection, with potential impact ranging from arbitrary file read/write and file deletion to remote code execution and access to mail traffic on the virtual appliance. Remediation was noted in version 15.0.2.1 for CVE-2026-44128, version 15.0.3 for CVE-2026-44126, and version 15.0.4 for the remaining flaws.
Show sources
- SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access — thehackernews.com — 19.05.2026 12:23
- SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access — thehackernews.com — 19.05.2026 12:23