CVE-2026-2747 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.

PUBLISHED Reserved 2026-02-19 | Published 2026-03-04 | Updated 2026-03-04 | Assigner NCSC.ch

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

Any version before 15.0.1

affected

Timeline

2025-10-31:	Vulnerability disclosed to SEPPmail
2026-01-06:	SEPPmail version 15.0.1 released

Credits

Andris Suter-Dörig finder

Matteo Scarlata coordinator

Kenny Paterson coordinator

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html release-notes

cve.org (CVE-2026-2747)

nvd.nist.gov (CVE-2026-2747)

Download JSON