CVE-2026-8811 is a HIGH-severity vulnerability (CVSS Score: 7.1) affecting SEPPmail versions before 15.0.5. The issue allows improper handling of attachment filenames during encrypted PDF generation, enabling attackers to create new files outside intended directories. This could potentially lead to files being placed in web-accessible locations. The vulnerability was published on June 18, 2026, and last m [truncated]
CVE-2026-44128 is a critical remote code execution issue in SEPPmail Secure Email Gateway before version 15.0.2.1. The supplied description says a new GINA UI endpoint passes attacker-controlled input from a parameter into Perl's eval(), which can let an unauthenticated remote attacker execute code on the appliance. Based on the published CVSS 9.3 score and NVD record, this is an urgent exposure for any o [truncated]
A critical arbitrary file write vulnerability in SeppMail's Large File Transfer (LFT) feature enables unauthenticated remote code execution through path traversal during file upload operations. The vulnerability affects SeppMail versions 15.0.2.1 and earlier, with a CVSS 4.0 score of 10.0 (Critical). The attack vector is network-accessible with low attack complexity, requiring no privileges or user intera [truncated]