CVE-2026-44125

Missing Authorization in GINAv2

CVSS 9.3 CRITICALEPSS 0.4%CWE-862

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

SEPPmail AG · Secure Email Gateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/