CVE-2026-29144
Unicode Spoofing Bypass in SEPPmail Email Gateway
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | to 15.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.3. It allows an attacker to bypass the sanitization process of email subjects by using Unicode lookalike characters. This means the attacker can forge security tags in the email subject line that appear legitimate but are actually manipulated.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can manipulate email subjects to forge security tags, potentially misleading recipients or security systems about the nature or trustworthiness of the email. This could lead to security breaches such as phishing, spoofing, or bypassing email security policies.