CVE-2026-8811 | THREATINT

Description

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

PUBLISHED Reserved 2026-05-18 | Published 2026-06-18 | Updated 2026-06-18 | Assigner NCSC.ch

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

Problem types

CWE-22

Product status

Default status

unaffected

Any version before 15.0.5

affected

Credits

Andris Suter-Dörig (ETH Zürich, Applied Crypto Group) finder

Olivier Becker (InfoGuard AG) finder

References

downloads.seppmail.com/extrelnotes/150/ERN15.0.html

cve.org (CVE-2026-8811)

nvd.nist.gov (CVE-2026-8811)

Download JSON