CVE-2026-44127 – SEPPmail Secure Email Gateway and SeppMail

SEPPmail has released patches addressing multiple severe vulnerabilities across SeppMail and Secure Email Gateway. The most critical issue, CVE-2026-2743, carries a CVSS score of 10.0, which is Critical severity, and allows remote code execution through a path traversal flaw in the large file transfer feature. Additional critical vulnerabilities include CVE-2026-44125 (CVSS 9.3), CVE-2026-44126 (CVSS 9.2), and CVE-2026-44128 (CVSS 9.3), which enable unauthorized access to protected endpoints, deserialization-based remote code execution, and eval injection leading to code execution. High-severity issues such as CVE-2026-44127 (CVSS 8.8) and CVE-2026-44129 (CVSS 8.3) allow arbitrary file access, deletion, and execution of malicious template expressions. CVE-2026-7864 carries a CVSS score of 6.9, which is Medium severity, exposing sensitive system information via an unauthenticated endpoint.

These vulnerabilities impact core email handling, file transfer, and template processing functions, creating multiple paths for attackers to gain access, execute code, or extract sensitive data without authentication. There is no verified evidence of active exploitation or publicly available proof-of-concept code associated with these vulnerabilities.