CVE Catalog

CVE-2026-44128

Critical
Published: Translated: NVD NIST

Summary

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Risk Assessment

Exploitation of this vulnerability could lead to full system compromise, posing a serious threat to the organization's data security.

Recommendation

It is recommended to upgrade to version 15.0.2.1 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS