CVE-2026-7864
Deferred Deferred - Pending Action
SEPPmail Secure Email Gateway Information Disclosure via Unauthenticated Endpoint

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: Switzerland Government Common Vulnerability Program

Description
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-7864
EUVD
EUVD-2026-28590
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seppmail secure_email_gateway to 15.0.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4. It involves an unauthenticated endpoint in the new GINA UI that exposes server environment variables. Because this endpoint does not require authentication, remote attackers can access sensitive system information by exploiting it.

Impact Analysis

The vulnerability allows remote attackers to obtain sensitive system information without authentication. This exposure can lead to increased risk of further attacks, as attackers may use the disclosed environment variables to identify weaknesses or gain deeper access to the system.

Detection Guidance

This vulnerability involves exposure of server environment variables through an unauthenticated endpoint in the SEPPmail Secure Email Gateway's new GINA UI before version 15.0.4.

Detection would typically involve checking if the vulnerable version of SEPPmail Secure Email Gateway is in use and whether the unauthenticated endpoint is accessible.

However, no specific detection commands or network scanning techniques are provided in the available information.

Mitigation Strategies

The vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4.

Immediate mitigation should include upgrading the SEPPmail Secure Email Gateway to version 15.0.4 or later, where this issue is resolved.

No other specific mitigation steps or workarounds are detailed in the provided information.

Compliance Impact

The vulnerability in SEPPmail Secure Email Gateway before version 15.0.4 allows remote attackers to obtain sensitive system information by exposing server environment variables through an unauthenticated endpoint. This exposure of sensitive information could potentially impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive data and preventing unauthorized access.

However, there is no specific information provided in the available resources about the direct impact of this vulnerability on compliance with these standards or any mitigation measures related to regulatory requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7864. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart