CVE-2026-29141
Received
Received - Intake
Subject Sanitization Bypass in SEPPmail Gateway Allows Tag Forgery
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.3. It allows an attacker to bypass the subject sanitization process and forge tags such as [signed OK] in email subjects.
How can this vulnerability impact me? :
By exploiting this vulnerability, an attacker can manipulate email subject lines to include forged tags like [signed OK], potentially misleading recipients about the authenticity or integrity of the email.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70