How serious is CVE-2026-27443?

This vulnerability has a CVSS score of 8.2 out of 10, classified as HIGH severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-27443?

CVE-2026-27443 affects seppmail seppmail. Check the full CVE details for specific version information.

How do I fix CVE-2026-27443?

To remediate CVE-2026-27443, check for security patches from seppmail. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-27443

High

|8.2

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to manipulate trusted email headers in SEPPmail Secure Email Gateway, potentially leading to phishing attacks or other malicious activities. It affects versions prior to 15.0.1 and requires the attacker to send specially crafted S/MIME protected emails to exploit the flaw.

Technical Description

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$3,526($1K-$5K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

seppmail

Product

seppmail

Related Vulnerabilities

CVE-2026-2743Critical

This vulnerability allows an attacker to upload malicious files to a server, potentially leading to remote control of the system. It affects the large file transfer feature in SeppMail versions 15.0.2.1 and earlier, and requires the attacker to have access to the user web interface.

CVE-2026-2748High

This vulnerability allows an attacker to spoof email signatures, making it look like an email comes from a trusted source. It occurs when the SEPPmail Secure Email Gateway improperly handles S/MIME certificates for email addresses that include spaces, which means attackers can exploit this flaw if they can create such certificates.

CVE-2026-2747Medium

This vulnerability allows an attacker to potentially access sensitive information in decrypted inline PGP messages because the system does not properly separate these messages from unencrypted content. For this to happen, the attacker must be able to send or manipulate emails that reach the SEPPmail Secure Email Gateway before version 15.0.1.

CVE-2026-2746Medium

This vulnerability allows an attacker to send forged emails that appear legitimate, as the email gateway fails to properly show whether the PGP signatures are valid. Users must be using SEPPmail Secure Email Gateway versions before 15.0.1 for this issue to affect them.

CVE-2026-27445Medium

This vulnerability allows an attacker to create fake email signatures that appear to come from trusted sources, potentially tricking recipients into believing the messages are legitimate. It affects versions of the SEPPmail Secure Email Gateway before 15.0.1 and occurs because the system fails to properly check if the signature is from the correct key.