CVE-2026-44125
Deferred Deferred - Pending Action

Unauthenticated Access in SEPPmail Secure Email Gateway

Vulnerability report for CVE-2026-44125, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: Switzerland Government Common Vulnerability Program

Description

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
seppmail secure_email_gateway to 15.0.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4. It occurs because the system fails to enforce authorization checks on multiple endpoints in the new GINA user interface. As a result, unauthenticated remote attackers can access functionality that should normally require a valid user session.

Impact Analysis

The vulnerability allows unauthenticated remote attackers to access protected functionality without proper authorization. This can lead to unauthorized access to sensitive features or data within the SEPPmail Secure Email Gateway, potentially compromising the security and confidentiality of email communications.

Mitigation Strategies

The vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4 by allowing unauthenticated remote attackers to access functionality without proper authorization.

To mitigate this vulnerability, you should upgrade SEPPmail Secure Email Gateway to version 15.0.4 or later, where the authorization checks for the GINA UI endpoints are properly enforced.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44125. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart