How serious is CVE-2026-27442?

This vulnerability has a CVSS score of 9.3 out of 10, classified as CRITICAL severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-27442?

CVE-2026-27442 affects seppmail seppmail. Check the full CVE details for specific version information.

How do I fix CVE-2026-27442?

To remediate CVE-2026-27442, check for security patches from seppmail. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-27442

Critical

|9.3

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to access files stored on the SEPPmail Secure Email Gateway by exploiting a flaw in how attachment filenames are checked in encrypted emails. It affects versions before 15.0.1, meaning any system running an older version is at risk if it processes GINA-encrypted emails.

Technical Description

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$8,000($5K-$15K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

seppmail

Product

seppmail

Related Vulnerabilities

CVE-2026-2743Critical

This vulnerability allows an attacker to upload malicious files to a server, potentially leading to remote control of the system. It affects the large file transfer feature in SeppMail versions 15.0.2.1 and earlier, and requires the attacker to have access to the user web interface.

CVE-2026-2748High

This vulnerability allows an attacker to spoof email signatures, making it look like an email comes from a trusted source. It occurs when the SEPPmail Secure Email Gateway improperly handles S/MIME certificates for email addresses that include spaces, which means attackers can exploit this flaw if they can create such certificates.

CVE-2026-2747Medium

This vulnerability allows an attacker to potentially access sensitive information in decrypted inline PGP messages because the system does not properly separate these messages from unencrypted content. For this to happen, the attacker must be able to send or manipulate emails that reach the SEPPmail Secure Email Gateway before version 15.0.1.

CVE-2026-2746Medium

This vulnerability allows an attacker to send forged emails that appear legitimate, as the email gateway fails to properly show whether the PGP signatures are valid. Users must be using SEPPmail Secure Email Gateway versions before 15.0.1 for this issue to affect them.

CVE-2026-27445Medium

This vulnerability allows an attacker to create fake email signatures that appear to come from trusted sources, potentially tricking recipients into believing the messages are legitimate. It affects versions of the SEPPmail Secure Email Gateway before 15.0.1 and occurs because the system fails to properly check if the signature is from the correct key.