CVE-2026-29138
Received
Received - Intake
PGP Signature Spoofing in SEPPmail Secure Email Gateway
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-90 | The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.3. It allows attackers who use a specially crafted email address to falsely claim another user's PGP signature as their own.
How can this vulnerability impact me? :
The vulnerability can lead to attackers impersonating other users by claiming their PGP signatures. This can undermine the authenticity and trustworthiness of signed emails, potentially leading to unauthorized actions or misinformation being accepted as legitimate.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70