Seppmail Secure Email Gateway
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Seppmail Secure Email Gateway.
By the Year
In 2026 there have been 22 vulnerabilities in Seppmail Secure Email Gateway.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 22 | 0.00 |
It may take a day or so for new Seppmail Secure Email Gateway vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Seppmail Secure Email Gateway Security Vulnerabilities
SEPPmail Secure Email Gateway <15.0.3: HTML Injection in CA Cert Emails
CVE-2026-29136
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
XSS
SEPPmail Secure Email Gateway <15.0.3 Account Takeover via GINA Reinitialization
CVE-2026-29139
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.
Authentication Bypass Using an Alternate Path or Channel
SEPPmail SG <15.0.3 Subject Sanitize Bypass via Unicode Lookalike
CVE-2026-29144
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
Improper Input Validation
SEPPmail Secure Email GW pre-15.0.3: Inner S/MIME msg auth bypass
CVE-2026-29143
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
Improper Input Validation
SEPPmail Secure Email Gateway 15.0.3: PGP Signature Spoof via Email Address
CVE-2026-29138
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.
LDAP Injection
SEPPmail SecureEmailGateway <15.0.3: Email Address Leak of Encrypted Mails
CVE-2026-29131
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.
LDAP Injection
SEPPmail Secure Email Gateway <15.0.3: GINA Email Forgery
CVE-2026-29142
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
Missing Cryptographic Step
SEPPmail Secure Email Gateway <15.0.3: Hide Security Tags via Long Subject
CVE-2026-29137
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
Improper Input Validation
SEPPmail Secure Email Gateway <15.0.3: Subject Sanitization Bypass & Tag Forgery
CVE-2026-29141
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
Improper Input Validation
SEPPmail Gateway <=15.0.3 Password-Tag Bypass in Subject San
CVE-2026-29135
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.
Improper Input Validation
SEPPmail Secure Email Gateway <15.0.3 GINA Metadata Bypass (External User)
CVE-2026-29134
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions.
Reliance on Untrusted Inputs in a Security Decision
SEPPmail Secure Email Gateway <15.0.3 S/MIME cert injection via signatures
CVE-2026-29140
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.
Improper Certificate Validation
SEPPmail SG<15.0.3: UID-Not-Matching PGP Key Upload
CVE-2026-29133
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.
Improper Input Validation
SEPPmail Secure Email Gateway 2FA Bypass via GINA before 15.0.3
CVE-2026-29132
- April 02, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.
Missing Authentication for Critical Function
SEPPmail Email Gateway <15.0.1 PDF Pass Neutral OS CmdExec
CVE-2026-27441
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
Shell injection
SEPPmail S/MIME Cert Validation Flaw (pre-15.0.1) Enables Signature Spoofing
CVE-2026-2748
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.
Improper Certificate Validation
SEPPmail Secure Email Gateway 15.0.1 GINA Web Path Traversal Attack
CVE-2026-27442
- March 04, 2026
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
Directory traversal
SEPPmail SG PGP signature spoofing before v15.0.1
CVE-2026-27445
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.
Improper Verification of Cryptographic Signature
SEPPmail Secure Email Gateway <15.0.1 Header Parsing flaw allows spoof/decrypt
CVE-2026-27444
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.
Interpretation Conflict
SEPPmail Secure Email GW <15.0.1 PGP Inline Decryption Flaw Exposes Data
CVE-2026-2747
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
Information Disclosure
SEPPmail Secure Email Gateway <15.0.1 Header Injection via S/MIME
CVE-2026-27443
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
Improper Input Validation
SEPPmail Secure Email Gateway <15.0.1 PGP Signature Verification Leak
CVE-2026-2746
- March 04, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
Improper Verification of Cryptographic Signature
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Seppmail Secure Email Gateway or by Seppmail? Click the Watch button to subscribe.
