Vulnerabilities in SEPPMail Secure E-Mail Gateway pose a significant threat to enterprise email security. The latest update addresses multiple critical vulnerabilities, including path traversal, sensitive system information exposure, and remote code execution. Stay informed about the latest security threats and take proactive steps to protect your organization's email security.
In a recent development that has left the cybersecurity community on high alert, it has been disclosed that SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, is vulnerable to multiple critical security flaws. The vulnerabilities, identified by InfoGuard Labs researchers Dario Weiss, Manuel Feifel, and Olivier Becker, pose a significant threat to organizations that rely on SEPPMail for their email security needs.
The most severe vulnerability, CVE-2026-2743, is a path traversal vulnerability in the large file transfer (LFT) feature of the SEPPMail User Web Interface. By manipulating the LFT feature, an attacker can execute arbitrary code, including remote code execution. The researchers noted that this vulnerability could have been exploited to read all mail traffic or as an entry vector into the internal network.
Another critical vulnerability, CVE-2026-7864, exposes sensitive system information: it leaks server environment variables through an unauthenticated endpoint in the new GINA UI. This vulnerability could potentially allow an attacker to access sensitive information about the SEPPMail appliance, including configuration files and system logs.
A third vulnerability, CVE-2026-44125, is a missing authorization check on multiple endpoints in the new GINA UI that allows unauthenticated remote attackers to access functionality that would otherwise require a valid session. This vulnerability could be exploited by an attacker to gain unauthorized access to sensitive data and systems.
A fourth vulnerability, CVE-2026-44126, is a deserialization of untrusted data flaw that allows unauthenticated remote attackers to execute code via a crafted serialized object. This vulnerability could potentially allow an attacker to inject malicious code into the SEPPMail appliance's system.
A fifth vulnerability, CVE-2026-44127, is an unauthenticated path traversal vulnerability in "/api.app/attachment/preview" that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the "api.app" process. This vulnerability could potentially allow an attacker to access sensitive data on the SEPPMail appliance.
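For log review around CVE-2026-44127, the following added example (not code from SEPPMail or InfoGuard Labs) flags requests to "/api.app/attachment/preview" whose query values contain a `..` path segment, including double-encoded forms. It assumes access logs in Apache/nginx combined format; the `file` parameter name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint named in the article for CVE-2026-44127.
PREVIEW_PATH = "/api.app/attachment/preview"

# Assumption: the web front end logs in Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; the "file" parameter name is hypothetical.
SAMPLE = [
    '203.0.113.7 - - [12/May/2026:10:00:00 +0000] "GET /api.app/attachment/preview?file=report.pdf HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [12/May/2026:10:00:05 +0000] "GET /api.app/attachment/preview?file=..%2f..%2ftmp%2fx HTTP/1.1" 200 220 "-" "-"',
    '198.51.100.9 - - [12/May/2026:10:01:00 +0000] "GET /api.app/attachment/preview?file=%252e%252e%255cconf HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - - [12/May/2026:10:01:02 +0000] "GET /index.html?next=../x HTTP/1.1" 200 10 "-" "-"',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is '..' after decoding and backslash folding."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/")

def scan(lines):
    """Return (ip, timestamp, status, param) for preview requests with traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if fully_decode(url.path).rstrip("/") != PREVIEW_PATH:
            continue
        # Only the query string is visible in access logs; request bodies are not.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            if has_traversal(raw):
                hits.append((m["ip"], m["ts"], m["status"], name))
    return hits
```

Calling `scan(SAMPLE)` returns the second and third sample lines; a hit with a 200 status is the one to prioritise, since the endpoint is reachable without a session on unpatched versions.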
A sixth vulnerability, CVE-2026-44128, is an eval injection vulnerability that allows unauthenticated remote code execution because the /api.app/template feature passes user-supplied input directly into a Perl eval() statement without any sanitization. This vulnerability could potentially allow an attacker to execute arbitrary code on the SEPPMail appliance.
A seventh and final vulnerability, CVE-2026-44129, is a case of improper neutralization of special elements used in a template engine. It allows remote attackers to execute arbitrary template expressions and potentially achieve remote code execution, depending on the enabled template plugins.
The researchers noted that these vulnerabilities could have been exploited by an attacker to read all mail traffic or as an entry vector into the internal network, resulting in a complete takeover of the SEPPMail appliance. The vulnerabilities were addressed across versions 15.0.2.1 and 15.0.3.
These vulnerabilities threaten not only email security but also the overall security posture of organizations that rely on SEPPMail. Organizations should patch immediately and confirm that their email security systems are running the latest fixed versions.
SEPPMail has also released updates to resolve another critical flaw (CVE-2026-27441, CVSS score: 9.5) that could allow arbitrary operating system command execution. However, it's unclear whether this vulnerability is related to or separate from the vulnerabilities disclosed by InfoGuard Labs.
It's essential for organizations to stay informed about the latest security vulnerabilities and take proactive steps to protect themselves against potential threats. By doing so, organizations can minimize their exposure to risk and ensure that their email security systems are secure and up-to-date.