CVE-2026-44128 SEPPmail CVE debrief

Who should care

SEPPmail Secure Email Gateway administrators, security teams, and anyone exposing the GINA UI or related management surfaces to untrusted networks should treat this as urgent.

Technical summary

The CVE description states that, in the new GINA UI, an endpoint passes attacker-controlled parameter input to Perl's eval(), creating an unauthenticated remote code execution path. The NVD record rates the issue critical with CVSS 9.3 and indicates network attack conditions with no privileges required and no user interaction. The affected range is SEPPmail Secure Email Gateway before 15.0.2.1.

Defensive priority

Critical / urgent. Patch immediately and reduce exposure until remediation is confirmed.

Recommended defensive actions

• Upgrade SEPPmail Secure Email Gateway to version 15.0.2.1 or later.
• Restrict or remove network access to the GINA UI and related management interfaces until patched.
• Inventory all SEPPmail deployments to confirm whether any vulnerable versions are still in service.
• Review web, application, and system logs for unusual requests targeting the GINA UI and for unexpected Perl or child-process activity.
• Follow the vendor release notes and supporting analysis linked in the source corpus for validation and rollback guidance.
• If compromise is suspected, isolate the system and initiate incident response procedures.

Evidence notes

The source corpus includes the NVD description for CVE-2026-44128, which says the issue affects SEPPmail Secure Email Gateway before 15.0.2.1 and can enable unauthenticated remote code execution via attacker-controlled input reaching Perl eval(). NVD also lists the record as Deferred and cites the SEPPmail security release notes plus a third-party Infoguard analysis referenced by NCSC. No exploit instructions are included here.

Official resources