How serious is CVE-2026-2743?

This vulnerability has a CVSS score of 10 out of 10, classified as CRITICAL severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-2743?

Yes, proof-of-concept exploit code for CVE-2026-2743 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-2743?

CVE-2026-2743 affects seppmail seppmail. Check the full CVE details for specific version information.

How do I fix CVE-2026-2743?

To remediate CVE-2026-2743, check for security patches from seppmail. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-2743

Critical

|10.0

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to upload malicious files to a server, potentially leading to remote control of the system. It affects the large file transfer feature in SeppMail versions 15.0.2.1 and earlier, and requires the attacker to have access to the user web interface.

Technical Description

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$15,000($5K-$15K)

Vendor Response

Grade APatched in 4 days

Quick Information

Published

Mar 5, 2026

about 1 month ago

Last Modified

Mar 9, 2026

29 days ago

Vendor

seppmail

Product

seppmail

Related Vulnerabilities

CVE-2026-2748High

This vulnerability allows an attacker to spoof email signatures, making it look like an email comes from a trusted source. It occurs when the SEPPmail Secure Email Gateway improperly handles S/MIME certificates for email addresses that include spaces, which means attackers can exploit this flaw if they can create such certificates.

CVE-2026-2747Medium

This vulnerability allows an attacker to potentially access sensitive information in decrypted inline PGP messages because the system does not properly separate these messages from unencrypted content. For this to happen, the attacker must be able to send or manipulate emails that reach the SEPPmail Secure Email Gateway before version 15.0.1.

CVE-2026-2746Medium

This vulnerability allows an attacker to send forged emails that appear legitimate, as the email gateway fails to properly show whether the PGP signatures are valid. Users must be using SEPPmail Secure Email Gateway versions before 15.0.1 for this issue to affect them.

CVE-2026-27445Medium

This vulnerability allows an attacker to create fake email signatures that appear to come from trusted sources, potentially tricking recipients into believing the messages are legitimate. It affects versions of the SEPPmail Secure Email Gateway before 15.0.1 and occurs because the system fails to properly check if the signature is from the correct key.

CVE-2026-27444High

This vulnerability allows an attacker to spoof the sender's email address or decrypt emails by exploiting how the SEPPmail Secure Email Gateway handles email headers. It affects versions before 15.0.1, meaning users running older versions are at risk if they receive emails that take advantage of this flaw.