CVE-2026-7864 | THREATINT

Description

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-08 | Updated 2026-05-08 | Assigner NCSC.ch

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-497 Exposure of sensitive system information to an unauthorized control sphere

Product status

Default status

unaffected

Any version before 15.0.4

affected

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

cve.org (CVE-2026-7864)

nvd.nist.gov (CVE-2026-7864)

Download JSON