CVE-2026-27444
Email Header Parsing Flaw in SEPPmail Gateway Enables Spoofing
Publication date: 2026-03-04
Last updated on: 2026-03-05
Assigner: Switzerland Government Common Vulnerability Program
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | seppmail | before 15.0.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-436 | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SEPPmail Secure Email Gateway versions before 15.0.1. It causes the software to incorrectly interpret email addresses in the email headers. This misinterpretation leads to conflicts with other mail infrastructure components.
As a result, an attacker can exploit this flaw to fake the source of an email or decrypt the email content.
How can this vulnerability impact me?
The vulnerability can allow an attacker to impersonate the source of an email, potentially leading to phishing or spoofing attacks.
Additionally, the attacker may be able to decrypt emails, compromising the confidentiality of sensitive communications.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know