CVE-2026-44126 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-08 | Updated 2026-05-18 | Assigner NCSC.ch

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-502 Deserialization of untrusted data

Product status

Default status

unaffected

Any version before 15.0.4

affected

Credits

Dario Weiss of InfoGuard Labs finder

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

labs.infoguard.ch/...026-7864_cve-2026-44127_cve-2026-44128/

cve.org (CVE-2026-44126)

nvd.nist.gov (CVE-2026-44126)

Download JSON