CVE-2026-2747

Medium CVSS: 6.9

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.

Vendor

Seppmail

Product

Seppmail

CWE

CWE-200

Yayın Tarihi

2026-03-04 09:15:58

Güncelleme

2026-03-05 15:15:59

Source Identifier

vulnerability@ncsc.ch

KEV Date Added

Kategoriler

CWE-200 Seppmail MEDIUM Seppmail 2026

Referanslar

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure

Benzer Kayıtlar

Critical

CVE-2026-2743

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected fea…

High

CVE-2026-2748

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses…

Medium

CVE-2026-2746

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, le…

Critical

CVE-2026-27442

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenam…

High

CVE-2026-27443

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME en…

High

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing…