CVE-2026-44125 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-08 | Updated 2026-05-08 | Assigner NCSC.ch

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

Any version before 15.0.4

affected

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

cve.org (CVE-2026-44125)

nvd.nist.gov (CVE-2026-44125)

Download JSON