CVE-2026-29137
Received
Received - Intake
Subject Length Manipulation in SEPPmail Gateway Allows Security Tag Hiding
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can impact users by preventing them from seeing important security tags in emails. This could lead to users missing warnings or indicators about the security status of an email, potentially increasing the risk of phishing or other email-based attacks.
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.3. It allows an attacker to hide security tags from users by crafting an email with a long subject line.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70