CVE-2026-8811
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory.
Risk Assessment
The ability to place files in web-accessible locations poses a risk of sensitive data exposure and system integrity breaches.
Recommendation
It is recommended to upgrade to SEPPmail version 15.0.5 or later to mitigate this vulnerability.
Original NVD description (English source)
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

