CVE-2026-44128

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval...

CVE-2026-44125

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

CVE-2026-7864

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...

CVE-2026-44129

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...

EUVD-2026-28586

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

EUVD-2026-28588

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval...

CVE-2026-7864

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...

CVE-2026-44129

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...

CVE-2026-44126

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object...

CVE-2026-44128

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval...

CVE-2026-44126

CVE-2026-44126 affects SEPPmail Secure Email Gateway (pre-15.0.4). The issue is insecure deserialization of untrusted data reachable from the new GINA UI, enabling unauthenticated remote code execution via a crafted serialized object. Exploit details, affected versions, and exact remediation are ...

CVE-2026-44126 Insecure deserialization

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object...

CVE-2026-44126

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object...

CVE-2026-44125 Missing Authorization in GINAv2

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

CVE-2026-44125

Affected product/variant: SEPPmail Secure Email Gateway (GINA UI). Vulnerability summary: Versions before 15.0.4 fail to enforce authorization checks on multiple endpoints in the new GINA UI, enabling unauthenticated remote access to functionality that should require a valid session. Impact (as s...

CVE-2026-44125 Missing Authorization in GINAv2

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...

CVE-2026-44129 Server-side template injection

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...

CVE-2026-44129

CVE-2026-44129 affects SEPPmail Secure Email Gateway prior to version 15.0.4, where a server-side template injection exists in the new GINA UI. An endpoint accepts attacker-controlled templates, enabling remote attackers to execute arbitrary template expressions and potentially achieve remote cod...

CVE-2026-44129 Server-side template injection

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...

CVE-2026-44128 Unauthenticated Remote Code Execution

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval...