CVE-2026-7864

CVE-2026-7864 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.9. Its EPSS exploit-prediction score of 17% places it in the 97th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-497.

Key facts

Description

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

Frequently asked questions

What is CVE-2026-7864?
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.
How severe is CVE-2026-7864?
CVE-2026-7864 has a CVSS 4.0 base score of 6.9, rated medium severity.
Is CVE-2026-7864 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 17% (97th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2026-7864?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-7864 have an EU (EUVD) identifier?
Yes. CVE-2026-7864 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-28590.
When was CVE-2026-7864 published?
CVE-2026-7864 was published on 2026-05-08 and last updated on 2026-06-17.

References

Other CWE-497 vulnerabilities

Browse all CWE-497 vulnerabilities →