CVE-2026-44126 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-08 | Updated 2026-05-08 | Assigner NCSC.ch

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-502 Deserialization of untrusted data

Product status

Default status

unaffected

Any version before 15.0.4

affected

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

cve.org (CVE-2026-44126)

nvd.nist.gov (CVE-2026-44126)

Download JSON