8.8
CVE-2026-44127
- EPSS 15.65%
- Veröffentlicht 08.05.2026 13:13:05
- Zuletzt bearbeitet 18.05.2026 17:16:32
- Quelle vulnerability@ncsc.ch
- CVE-Watchlists
- Unerledigt
Local File Inclusion (LFI) and Arbitrary File Deletion
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSEPPmail AG
≫
Produkt
Secure Email Gateway
Default Statusunaffected
Version
0
Version <
15.0.4
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.65% | 0.964 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vulnerability@ncsc.ch | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security
https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/