CVE-2026-44125
Deferred Deferred - Pending Action
Unauthenticated Access in SEPPmail Secure Email Gateway

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: Switzerland Government Common Vulnerability Program

Description
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44125
EUVD
EUVD-2026-28586
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seppmail secure_email_gateway to 15.0.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4. It occurs because the system fails to enforce authorization checks on multiple endpoints in the new GINA user interface. As a result, unauthenticated remote attackers can access functionality that should normally require a valid user session.

Impact Analysis

The vulnerability allows unauthenticated remote attackers to access protected functionality without proper authorization. This can lead to unauthorized access to sensitive features or data within the SEPPmail Secure Email Gateway, potentially compromising the security and confidentiality of email communications.

Mitigation Strategies

The vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4 by allowing unauthenticated remote attackers to access functionality without proper authorization.

To mitigate this vulnerability, you should upgrade SEPPmail Secure Email Gateway to version 15.0.4 or later, where the authorization checks for the GINA UI endpoints are properly enforced.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44125. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart