Seppmail Secure Email Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Seppmail Secure Email Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2026-29139 — CVSS 9.8 (critical): SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim…
CVE-2026-29143 — CVSS 9.1 (critical): SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities…
CVE-2026-29133 — CVSS 9.1 (critical): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.
CVE-2026-29135 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.
CVE-2026-29138 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP…
CVE-2026-29131 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails…
CVE-2026-29132 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password…
CVE-2026-29134 — CVSS 7.5 (high): SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain…
CVE-2026-29136 — CVSS 6.1 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
CVE-2026-29137 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
CVE-2026-29140 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future…
CVE-2026-29141 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
CVE-2026-29142 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
CVE-2026-29144 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode…