CVE-2026-27441
Plain English Summary
AI-powered analysis for quick understanding
This vulnerability allows an attacker to execute commands on the operating system by exploiting a flaw in the way the SEPPmail Secure Email Gateway handles PDF encryption passwords. To take advantage of this, the attacker needs to send a specially crafted PDF file to the system.
Technical Description
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
CVSS Vector Analysis
Vector String
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Quick Information
Published: Mar 4, 2026
Last Modified: Mar 5, 2026
Vendor: seppmail
Product: seppmail
Related Vulnerabilities
This vulnerability allows an attacker to upload malicious files to a server, potentially leading to remote control of the system. It affects the large file transfer feature in SEPPmail versions 15.0.2.1 and earlier, and requires the attacker to have access to the user web interface.
This vulnerability allows an attacker to spoof email signatures, making it look like an email comes from a trusted source. It occurs when the SEPPmail Secure Email Gateway improperly handles S/MIME certificates for email addresses that include spaces, which means attackers can exploit this flaw if they can create such certificates.
This vulnerability allows an attacker to potentially access sensitive information in decrypted inline PGP messages because the system does not properly separate these messages from unencrypted content. For this to happen, the attacker must be able to send or manipulate emails that reach the SEPPmail Secure Email Gateway before version 15.0.1.
This vulnerability allows an attacker to send forged emails that appear legitimate, as the email gateway fails to properly show whether the PGP signatures are valid. Users must be using SEPPmail Secure Email Gateway versions before 15.0.1 for this issue to affect them.
This vulnerability allows an attacker to create fake email signatures that appear to come from trusted sources, potentially tricking recipients into believing the messages are legitimate. It affects versions of the SEPPmail Secure Email Gateway before 15.0.1 and occurs because the system fails to properly check if the signature is from the correct key.