CVE-2026-7864
SEPPmail Secure Email Gateway Information Disclosure via Unauthenticated Endpoint
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: Switzerland Government Common Vulnerability Program
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seppmail | secure_email_gateway | before 15.0.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4. It involves an unauthenticated endpoint in the new GINA UI that exposes server environment variables. Because this endpoint does not require authentication, remote attackers can access sensitive system information by exploiting it.
How can this vulnerability impact me?
The vulnerability allows remote attackers to obtain sensitive system information without authentication. This exposure can lead to increased risk of further attacks, as attackers may use the disclosed environment variables to identify weaknesses or gain deeper access to the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves exposure of server environment variables through an unauthenticated endpoint in the SEPPmail Secure Email Gateway's new GINA UI before version 15.0.4.
Detection would typically involve checking if the vulnerable version of SEPPmail Secure Email Gateway is in use and whether the unauthenticated endpoint is accessible.
However, no specific detection commands or network scanning techniques are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects SEPPmail Secure Email Gateway versions before 15.0.4.
Immediate mitigation should include upgrading the SEPPmail Secure Email Gateway to version 15.0.4 or later, where this issue is resolved.
No other specific mitigation steps or workarounds are detailed in the provided information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in SEPPmail Secure Email Gateway before version 15.0.4 allows remote attackers to obtain sensitive system information by exposing server environment variables through an unauthenticated endpoint. This exposure of sensitive information could potentially impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive data and preventing unauthorized access.
However, there is no specific information provided in the available resources about the direct impact of this vulnerability on compliance with these standards or any mitigation measures related to regulatory requirements.