CVE-2026-2743

Critical CVSS: 10.0

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

Vendor

Seppmail

Product

Seppmail

CWE

CWE-22

Yayın Tarihi

2026-03-05 07:16:14

Güncelleme

2026-03-09 18:31:01

Source Identifier

vulnerability@ncsc.ch

KEV Date Added

Kategoriler

CWE-22 Seppmail CRITICAL Seppmail 2026

Referanslar

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html https://labs.infoguard.ch/advisories/seppmail

Benzer Kayıtlar

Medium

CVE-2026-2747

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding…

High

CVE-2026-2748

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses…

Medium

CVE-2026-2746

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, le…

Critical

CVE-2026-27442

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenam…

High

CVE-2026-27443

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME en…

High

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing…