CVE-2026-2743 | THREATINT

Description

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

PUBLISHED Reserved 2026-02-19 | Published 2026-03-05 | Updated 2026-03-05 | Assigner NCSC.ch

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unknown

unknown (-)

affected

Credits

Manuel Feifel and Dario Weiss of InfoGuard Labs finder

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

labs.infoguard.ch/advisories/seppmail

cve.org (CVE-2026-2743)

nvd.nist.gov (CVE-2026-2743)

Download JSON