CVE-2026-44125
CriticalSummary
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive functions, potentially leading to data breaches or other serious security incidents.
Recommendation
It is recommended to upgrade to version 15.0.4 or later to mitigate these authorization vulnerabilities.
Original NVD description (English source)
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

