CVE-2026-7864 is a medium-severity information disclosure issue in SEPPmail Secure Email Gateway before version 15.0.4. An unauthenticated endpoint in the new GINA UI can expose server environment variables, which may reveal sensitive system details to remote attackers. The supplied metadata maps this to CWE-497 and shows no Known Exploited Vulnerabilities (KEV) listing in the provided corpus.
CVE-2026-44129 affects SEPPmail Secure Email Gateway before version 15.0.4. The issue is a server-side template injection vulnerability in the new GINA UI: an endpoint accepts attacker-controlled template input, which can let a remote attacker execute arbitrary template expressions. Depending on which template plugins are enabled, the impact may extend to remote code execution. NVD lists the vulnerability [truncated]
