Critical security flaws affecting SEPPmail Secure E-Mail Gateway have been publicly disclosed, potentially exposing sensitive company data and enabling attackers to gain unauthorized access. Researchers from InfoGuard Labs identified multiple vulnerabilities within the enterprise-grade email security solution, some of which carry a critical CVSS score of 10.0, the maximum severity rating.
These vulnerabilities, detailed in a recent report, could allow threat actors to execute remote code on the virtual appliance, read arbitrary emails, and potentially gain a foothold within an organization’s internal network. The findings highlight the ongoing challenges in securing robust email communication channels against increasingly sophisticated cyber threats.
SEPPmail Secure E-Mail Gateway Vulnerabilities Pose Significant Risk
InfoGuard Labs researchers Dario Weiss, Manuel Feifel, and Olivier Becker detailed a series of critical vulnerabilities found in SEPPmail Secure E-Mail Gateway. Their report, published on a Monday, outlines how these flaws could be leveraged to compromise the security of the gateway, which is designed to protect enterprise email traffic.
The identified flaws range in severity, with several rated as high or critical. These vulnerabilities include path traversal, information exposure, missing authorization checks, deserialization of untrusted data, and evaluation injection. Each of these could be exploited by remote, unauthenticated attackers, posing a substantial threat to organizations relying on SEPPmail for their email security.
Specific Vulnerabilities and Exploitation Scenarios
Among the most severe is CVE-2026-2743, a path traversal vulnerability with a CVSS score of 10.0. This flaw resides within the SEPPmail User Web Interface’s large file transfer (LFT) feature. Successful exploitation could allow an attacker to write arbitrary files to the system, leading to remote code execution. Researchers suggest a hypothetical attack scenario where an attacker could overwrite the system’s syslog configuration file (`/etc/syslog.conf`).
By manipulating this configuration, an attacker could establish a Perl-based reverse shell. This would grant them complete control over the SEPPmail appliance, enabling them to read all mail traffic and maintain persistent access. A key challenge in this specific exploit involves triggering the syslog daemon (`syslogd`) to re-read its configuration. However, the researchers noted that the appliance’s log rotation mechanism, managed by `newsyslog` via cron jobs, can be manipulated. By artificially inflating log files, they can force a rotation, which subsequently prompts `syslogd` to reload its configuration, thus enabling the exploit.
Other significant vulnerabilities include CVE-2026-44125 (CVSS 9.3) and CVE-2026-44128 (CVSS 9.3), both of which could lead to unauthenticated remote code execution. CVE-2026-44128, specifically, is an eval injection vulnerability where user-supplied input in the `/api.app/template` feature is directly passed into a Perl `eval()` statement without proper sanitization.
Additionally, CVE-2026-7864 (CVSS 6.9) involves the exposure of sensitive system information through an unauthenticated endpoint in the new GINA UI. This could reveal server environment variables to unauthorized parties. CVE-2026-44127 (CVSS 8.8), an unauthenticated path traversal vulnerability in `/api.app/attachment/preview`, allows attackers to read local files and potentially delete files within the targeted directory with the privileges of the `api.app` process.
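A path traversal such as the one in `/api.app/attachment/preview` (CVE-2026-44127) can leave traces in web access logs when the traversal sequence is carried in the request URL. The following Python triage script is an added example, not code from SEPPmail or InfoGuard Labs; it assumes combined-format access logs from a reverse proxy in front of the gateway, and the sample lines and the `file` parameter name are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Endpoint the article names for CVE-2026-44127.
WATCHED_PREFIX = "/api.app/attachment/preview"
# Assumption: the proxy in front of the gateway logs in "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(^|[/\\=&?])\.\.([/\\&]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_hits(lines):
    """Return (ip, timestamp, status, decoded_target) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        target = fully_decode(m["target"])
        if target.startswith(WATCHED_PREFIX) and TRAVERSAL_RE.search(target):
            hits.append((m["ip"], m["ts"], int(m["status"]), target))
    return hits

# Constructed sample lines; the "file" parameter name is made up for the demo.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2026:10:01:02 +0000] "GET /api.app/attachment/preview?file=invoice.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/May/2026:10:03:44 +0000] "GET /api.app/attachment/preview?file=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "curl/8.5.0"',
    '198.51.100.23 - - [12/May/2026:10:03:51 +0000] "GET /api.app/attachment/preview?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "curl/8.5.0"',
    '203.0.113.9 - - [12/May/2026:10:05:10 +0000] "GET /api.app/attachment/preview?file=report..v2.pdf HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [12/May/2026:10:06:00 +0000] "GET /index.html?next=../ HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, target in find_traversal_hits(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {target}")
```

A hit with status 200 deserves priority review, since it suggests the request was served rather than rejected.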
Addressing the Vulnerabilities and Future Outlook
SEPPmail has been actively working to patch these discovered security weaknesses. According to the researchers, CVE-2026-44128 was addressed in version 15.0.2.1, while CVE-2026-44126 was resolved with the release of version 15.0.3. The remaining identified vulnerabilities have been patched in version 15.0.4.
This disclosure follows closely on the heels of SEPPmail releasing updates to fix another critical flaw, CVE-2026-27441 (CVSS: 9.5), which allowed for arbitrary operating system command execution. Organizations using SEPPmail Secure E-Mail Gateway are strongly advised to ensure they are running the latest available versions of the software to mitigate these risks. The ongoing discovery of such vulnerabilities underscores the importance of continuous security assessments and prompt patching for all network infrastructure components, particularly those handling sensitive communication data.

