CVE Catalog

CVE-2026-8811

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory.

Risk Assessment

The ability to place files in web-accessible locations poses a risk of sensitive data exposure and system integrity breaches.

Recommendation

It is recommended to upgrade to SEPPmail version 15.0.5 or later to mitigate this vulnerability.

Original NVD description (English source)

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS