CVE-2026-29143
S/MIME Authentication Bypass in SEPPmail Gateway Before
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.3. It occurs because the software does not properly authenticate the inner message of S/MIME-encrypted MIME entities. As a result, an attacker can manipulate or control trusted email headers within these encrypted messages.
How can this vulnerability impact me? :
The vulnerability allows an attacker to control trusted headers in S/MIME-encrypted emails, which can lead to spoofing or manipulation of email content that is normally trusted. This could result in unauthorized actions, misinformation, or bypassing security controls that rely on these headers.