CVE-2026-29136
Received
Received - Intake
HTML Injection in SEPPmail Gateway Notification Emails
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SEPPmail Secure Email Gateway versions before 15.0.3. It allows an attacker to inject HTML code into notification emails that inform recipients about new Certificate Authority (CA) certificates.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to manipulate the content of notification emails by injecting malicious HTML. This could potentially lead to phishing attacks, misleading information, or other malicious activities targeting users who receive these emails.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70