CVE-2026-44125
Unauthenticated Access in SEPPmail Secure Email Gateway
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: Switzerland Government Common Vulnerability Program
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | up to 15.0.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4. It occurs because the system fails to enforce authorization checks on multiple endpoints in the new GINA user interface. As a result, unauthenticated remote attackers can access functionality that should normally require a valid user session.
How can this vulnerability impact me?
The vulnerability allows unauthenticated remote attackers to access protected functionality without proper authorization. This can lead to unauthorized access to sensitive features or data within the SEPPmail Secure Email Gateway, potentially compromising the security and confidentiality of email communications.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4 by allowing unauthenticated remote attackers to access functionality without proper authorization.
To mitigate this vulnerability, you should upgrade SEPPmail Secure Email Gateway to version 15.0.4 or later, where the authorization checks for the GINA UI endpoints are properly enforced.