← volver
CVE-2026-8811

Path traversal in PDF generation module

CVSS 7.1 HIGHEPSS 0.3%CWE-22
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L
Productos afectados
SEPPmail AG · Secure Email Gateway

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#possible-path-traversal-vulnerability