CVE-2026-44127
Deferred Deferred - Pending Action
Unauthenticated Path Traversal in SEPPmail Secure Email Gateway

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: Switzerland Government Common Vulnerability Program

Description
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44127
EUVD
EUVD-2026-28587
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seppmail secure_email_gateway to 15.0.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in SEPPmail Secure Email Gateway versions before 15.0.4. It is an unauthenticated path traversal flaw in the identifier parameter of the /api.app/attachment/preview endpoint.

Remote attackers can exploit this vulnerability to read arbitrary local files on the server and also trigger deletion of files within the targeted directory. These actions occur with the privileges of the api.app process.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive files stored on the server, potentially exposing confidential information.

Additionally, attackers can delete files within the targeted directory, which may disrupt service availability or cause data loss.

Since the actions are performed with the privileges of the api.app process, the impact depends on the permissions granted to that process, which could be significant.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart