CVE-2026-27444 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.

PUBLISHED Reserved 2026-02-19 | Published 2026-03-04 | Updated 2026-03-04 | Assigner NCSC.ch

HIGH: 7.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N

Problem types

CWE-436 Interpretation Conflict

Product status

Default status

unaffected

Any version before 15.0.1

affected

Timeline

2025-10-31:	Vulnerability disclosed to SEPPmail
2026-01-06:	Version 15.0.1 released

Credits

Andris Suter-Dörig finder

Matteo Scarlata coordinator

Kenny Paterson coordinator

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html release-notes

cve.org (CVE-2026-27444)

nvd.nist.gov (CVE-2026-27444)

Download JSON